GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,950
Erlang: 39
GitHub Actions: 38
Go: 2,605
Maven: 5,000+
npm: 4,250
NuGet: 756
pip: 4,016
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
3,516 advisories
http before 0.13.3 vulnerable to header injection
Moderate | CVE-2020-35669 was published for http (Pub) May 24, 2022

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME...
High | Unreviewed | CVE-2020-5323 was published May 24, 2022

Code injection in MCMS
Critical | CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to...
High | Unreviewed | CVE-2020-23148 was published May 24, 2022

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local...
Critical | Unreviewed | CVE-2022-32269 was published Jun 4, 2022

Server-Side Request Forgery in Jodd HTTP
High | CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022

Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges...
High | Unreviewed | CVE-2020-18875 was published May 24, 2022

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14...
High | Unreviewed | CVE-2021-30653 was published May 24, 2022

Code injection via SVG file in convert-svg-core
High | CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation...
Moderate | Unreviewed | CVE-2021-42663 was published May 24, 2022

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection...
High | Unreviewed | CVE-2020-23050 was published May 24, 2022

Improper neutralization of special elements in output used by a downstream component ('Injection'...
High | Unreviewed | CVE-2022-43932 was published Jan 5, 2023

Go before 1.15.12 and 1.16.x before 1.16.5 allows injection.
High | Unreviewed | CVE-2021-33195 was published May 24, 2022

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness...
Critical | Unreviewed | CVE-2021-0268 was published May 24, 2022

It was discovered that the get_pid_info() function in data/apport did not properly parse the ...
High | Unreviewed | CVE-2021-25682 was published May 24, 2022

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.
Moderate | Unreviewed | CVE-2021-40658 was published Jun 15, 2022

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to...
Moderate | Unreviewed | CVE-2022-29269 was published Jun 30, 2022

There is an object injection vulnerability in swfupload plugin for wordpress.
Critical | Unreviewed | CVE-2013-4144 was published Jul 1, 2022

Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for...
High | Unreviewed | CVE-2021-36913 was published Oct 11, 2022

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not...
Moderate | Unreviewed | CVE-2017-0154 was published May 17, 2022

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A...
Moderate | Unreviewed | CVE-2021-20543 was published Jun 25, 2022

Known vulnerable to account takeover via host header injection attack in v1.3.1
High | CVE-2022-33011 was published for idno/known (Composer) Jul 9, 2022

Remote code execution in xwiki-platform
High | CVE-2022-23616 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 9, 2022

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper...
Moderate | Unreviewed | CVE-2022-34306 was published Jul 9, 2022
ProTip! Advisories are also available from the GraphQL API