Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

203 advisories

Loading
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get... Moderate Unreviewed
CVE-2021-32072 was published May 24, 2022
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being... Moderate Unreviewed
CVE-2021-20333 was published May 24, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator... High Unreviewed
CVE-2021-23205 was published May 24, 2022
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug... Moderate Unreviewed
CVE-2021-31806 was published May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote... High Unreviewed
CVE-2020-4850 was published May 24, 2022
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc... Critical Unreviewed
CVE-2021-28940 was published May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows... Moderate Unreviewed
CVE-2020-29023 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized... High Unreviewed
CVE-2021-20405 was published May 24, 2022
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can... High Unreviewed
CVE-2020-35475 was published May 24, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter... Moderate Unreviewed
CVE-2020-28954 was published May 24, 2022
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly... High Unreviewed
CVE-2020-24849 was published May 24, 2022
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private... High Unreviewed
CVE-2020-25646 was published May 24, 2022
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for... Moderate Unreviewed
CVE-2020-27604 was published May 24, 2022
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x... High Unreviewed
CVE-2020-26116 was published May 24, 2022
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to... Moderate Unreviewed
CVE-2020-24972 was published May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)... High Unreviewed
CVE-2019-12674 was published May 24, 2022
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)... High Unreviewed
CVE-2019-12675 was published May 24, 2022
LibreOffice documents can contain macros. The execution of those macros is controlled by the... High Unreviewed
CVE-2019-9853 was published May 24, 2022
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe... Moderate Unreviewed
CVE-2019-15944 was published May 24, 2022
Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10362 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
A vulnerability exists where the caret ("^") character is improperly escaped constructing some... Moderate Unreviewed
CVE-2019-11717 was published May 24, 2022
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows... Moderate Unreviewed
CVE-2019-3571 was published May 24, 2022
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary... High Unreviewed
CVE-2018-16386 was published May 24, 2022
Command injection in Apache Maven maven-shared-utils Critical
CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database