GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),...
Critical
Unreviewed
CVE-2024-7873
was published
Sep 17, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an...
Critical
Unreviewed
CVE-2024-38475
was published
Jul 1, 2024
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows...
Critical
Unreviewed
CVE-2024-38474
was published
Jul 1, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
Improper escaping in Apache Zeppelin
Critical
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to...
Critical
Unreviewed
CVE-2023-47143
was published
Feb 2, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php...
Critical
Unreviewed
CVE-2023-48655
was published
Nov 17, 2023
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape...
Critical
Unreviewed
CVE-2023-38316
was published
Nov 17, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Critical
CVE-2023-45135
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46301
was published
Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46300
was published
Oct 22, 2023
Froxlor vulnerable to Improper Encoding or Escaping of Output
Critical
CVE-2023-3668
was published
for
froxlor/froxlor
(Composer)
Jul 14, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Critical
CVE-2023-26472
was published
for
org.xwiki.platform:xwiki-platform-icon-ui
(Maven)
Mar 3, 2023
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection...
Critical
Unreviewed
CVE-2022-48339
was published
Feb 21, 2023
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler...
Critical
Unreviewed
CVE-2022-25987
was published
Feb 16, 2023
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an...
Critical
Unreviewed
CVE-2015-10011
was published
Jan 3, 2023
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical
CVE-2022-41934
was published
for
org.xwiki.platform:xwiki-platform-menu-ui
(Maven)
Nov 21, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue...
Critical
Unreviewed
CVE-2022-4011
was published
Nov 16, 2022
A vulnerability has been found in Activity Log Plugin and classified as critical. This...
Critical
Unreviewed
CVE-2022-3941
was published
Nov 11, 2022
Heron allows CRLF log injection
Critical
CVE-2021-42010
was published
for
org.apache.heron:heron-api
(Maven)
Oct 24, 2022
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component ...
Critical
Unreviewed
CVE-2022-41443
was published
Oct 4, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP...
Critical
Unreviewed
CVE-2022-39956
was published
Sep 21, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
Critical
CVE-2022-36099
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API