GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
82 advisories
Filter by severity
vm2 vulnerable to Inspect Manipulation
Moderate
CVE-2023-32313
was published
for
vm2
(npm)
May 17, 2023
Apache StreamPark LDAP Injection vulnerability
Moderate
CVE-2022-45801
was published
for
org.apache.streampark:streampark
(Maven)
May 1, 2023
CRLF Injection in Nodejs ‘undici’ via host
Moderate
CVE-2023-23936
was published
for
undici
(npm)
Feb 16, 2023
Denial of service (DoS) when processing Git credentials
Moderate
CVE-2022-43756
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Apache Superset vulnerable to Injection
Moderate
CVE-2022-43720
was published
for
apache-superset
(pip)
Jan 16, 2023
Froxlor vulnerable to Argument Injection
Moderate
CVE-2022-4864
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Apache Spark vulnerable to Log Injection
Moderate
CVE-2022-31777
was published
for
org.apache.spark:spark-core
(Maven)
Nov 1, 2022
OctoPrint vulnerable to Special Element Injection
Moderate
CVE-2022-3607
was published
for
OctoPrint
(pip)
Oct 19, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Moderate
CVE-2022-39217
was published
for
some-natalie/ghas-to-csv
(GitHub Actions)
Sep 16, 2022
Feehi CMS host header injection vulnerability
Moderate
CVE-2022-38796
was published
for
feehi/cms
(Composer)
Sep 15, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML
Moderate
CVE-2022-31108
was published
for
mermaid
(npm)
Jul 5, 2022
http before 0.13.3 vulnerable to header injection
Moderate
CVE-2020-35669
was published
for
http
(Pub)
May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
component-flatten vulnerable to Prototype Pollution
Moderate
CVE-2019-10794
was published
for
component-flatten
(npm)
May 24, 2022
Zenario CMS vulnerable to CRLF injection
Moderate
CVE-2015-3154
was published
for
zendframework/zend-http
(Composer)
May 24, 2022
Magento 2 Community Edition Injection Vulnerability
Moderate
CVE-2019-7889
was published
for
magento/community-edition
(Composer)
May 24, 2022
Radicale regex metacharacters injection in the user name
Moderate
CVE-2015-8748
was published
for
Radicale
(pip)
May 17, 2022
SilverStripe CSV Excel Macro Injection
Moderate
CVE-2017-18049
was published
for
silverstripe/framework
(Composer)
May 14, 2022
Moodle Does Not Escape Characters In Email Headers
Moderate
CVE-2016-5013
was published
for
moodle/moodle
(Composer)
May 13, 2022
Injection in Jenkins
Moderate
CVE-2018-1000193
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Features file injection vulnerability
Moderate
CVE-2013-4318
was published
for
features
(RubyGems)
May 5, 2022
Improper file handling in matrix-react-sdk
Moderate
CVE-2021-32622
was published
for
matrix-react-sdk
(npm)
Feb 10, 2022
Injection in Apache Archiva
Moderate
CVE-2020-9495
was published
for
org.apache.archiva:archiva
(Maven)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API