Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

82 advisories

Loading
vm2 vulnerable to Inspect Manipulation Moderate
CVE-2023-32313 was published for vm2 (npm) May 17, 2023
arkark
Apache StreamPark LDAP Injection vulnerability Moderate
CVE-2022-45801 was published for org.apache.streampark:streampark (Maven) May 1, 2023
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core (Maven) Nov 1, 2022
kurt-r2c
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie
Feehi CMS host header injection vulnerability Moderate
CVE-2022-38796 was published for feehi/cms (Composer) Sep 15, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
http before 0.13.3 vulnerable to header injection Moderate
CVE-2020-35669 was published for http (Pub) May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
component-flatten vulnerable to Prototype Pollution Moderate
CVE-2019-10794 was published for component-flatten (npm) May 24, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
Magento 2 Community Edition Injection Vulnerability Moderate
CVE-2019-7889 was published for magento/community-edition (Composer) May 24, 2022
Radicale regex metacharacters injection in the user name Moderate
CVE-2015-8748 was published for Radicale (pip) May 17, 2022
SilverStripe CSV Excel Macro Injection Moderate
CVE-2017-18049 was published for silverstripe/framework (Composer) May 14, 2022
Moodle Does Not Escape Characters In Email Headers Moderate
CVE-2016-5013 was published for moodle/moodle (Composer) May 13, 2022
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
richardfan0606
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
Injection in Apache Archiva Moderate
CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API