GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows...
Moderate
Unreviewed
CVE-2019-3571
was published
May 24, 2022
A vulnerability exists where the caret ("^") character is improperly escaped constructing some...
Moderate
Unreviewed
CVE-2019-11717
was published
May 24, 2022
Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10362
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe...
Moderate
Unreviewed
CVE-2019-15944
was published
May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to...
Moderate
Unreviewed
CVE-2020-24972
was published
May 24, 2022
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for...
Moderate
Unreviewed
CVE-2020-27604
was published
May 24, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter...
Moderate
Unreviewed
CVE-2020-28954
was published
May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows...
Moderate
Unreviewed
CVE-2020-29023
was published
May 24, 2022
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug...
Moderate
Unreviewed
CVE-2021-31806
was published
May 24, 2022
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being...
Moderate
Unreviewed
CVE-2021-20333
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get...
Moderate
Unreviewed
CVE-2021-32072
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to...
Moderate
Unreviewed
CVE-2021-32067
was published
May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A...
Moderate
Unreviewed
CVE-2021-38751
was published
May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This...
Moderate
Unreviewed
CVE-2021-22254
was published
May 24, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
Moderate
Unreviewed
CVE-2021-39367
was published
May 24, 2022
Stored XSS vulnerability in Jenkins Git Plugin
Moderate
CVE-2021-21684
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 24, 2022
Improper Encoding or Escaping of Output in Apache Superset
Moderate
CVE-2021-42250
was published
for
apache-superset
(pip)
May 24, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API
Moderate
CVE-2022-32549
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
Jun 23, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in...
Moderate
Unreviewed
CVE-2022-2241
was published
Aug 2, 2022
Moodle Improper Encoding or Escaping of Output
Moderate
CVE-2021-40694
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP...
Moderate
Unreviewed
CVE-2022-34316
was published
Nov 15, 2022
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation...
Moderate
Unreviewed
CVE-2022-0421
was published
Nov 21, 2022
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through...
Moderate
Unreviewed
CVE-2021-38997
was published
Dec 12, 2022
ProTip!
Advisories are also available from the
GraphQL API