GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Critical
CVE-2022-36100
was published
for
org.xwiki.platform.applications:xwiki-application-tag
(Maven)
Sep 16, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Critical
CVE-2020-36599
was published
for
omniauth
(RubyGems)
Aug 19, 2022
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
Critical
Unreviewed
CVE-2022-36446
was published
Jul 26, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
Critical
Unreviewed
CVE-2022-28375
was published
Jul 15, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ...
Critical
Unreviewed
CVE-2022-34820
was published
Jul 13, 2022
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an...
Critical
Unreviewed
CVE-2021-33672
was published
May 24, 2022
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc...
Critical
Unreviewed
CVE-2021-28940
was published
May 24, 2022
Command injection in Apache Maven maven-shared-utils
Critical
CVE-2022-29599
was published
for
org.apache.maven.shared:maven-shared-utils
(Maven)
May 24, 2022
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,...
Critical
Unreviewed
CVE-2018-9246
was published
May 14, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows...
Critical
Unreviewed
CVE-2017-8303
was published
May 13, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My...
Critical
Unreviewed
CVE-2022-22992
was published
Jan 29, 2022
Inconsistent input sanitisation leads to XSS vectors
Critical
CVE-2021-41132
was published
for
omero-figure
(pip)
Oct 14, 2021
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 8, 2021
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
dojox vulnerable to unescaped string injection
Critical
CVE-2018-15494
was published
for
dojox
(npm)
Oct 15, 2018
ProTip!
Advisories are also available from the
GraphQL API