GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,383
Erlang: 33
GitHub Actions: 22
Go: 2,140
Maven: 5,000+
npm: 3,800
NuGet: 687
pip: 3,478
Pub: 12
RubyGems: 897
Rust: 898
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
1,482 advisories
Activity Stream can display content sent from the Snippet Service website. This content is...
Moderate
Unreviewed
CVE-2019-11718 was published May 24, 2022
b3log Wide unauthenticated file access
High
CVE-2019-13915 was published for github.com/b3log/wide (Go) May 24, 2022
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish...
Low
Unreviewed
CVE-2019-1010310 was published May 24, 2022
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is...
High
Unreviewed
CVE-2019-0319 was published May 24, 2022
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka...
Moderate
Unreviewed
CVE-2016-10761 was published May 24, 2022
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as...
Critical
Unreviewed
CVE-2019-12966 was published May 24, 2022
Rancher code injection via fluentd config commands
High
CVE-2019-12303 was published for github.com/rancher/rancher (Go) May 24, 2022
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function....
High
Unreviewed
CVE-2019-6800 was published May 24, 2022
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules...
Critical
Unreviewed
CVE-2016-8900 was published May 24, 2022
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
Critical
Unreviewed
CVE-2016-8901 was published May 24, 2022
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules...
Critical
Unreviewed
CVE-2016-8899 was published May 24, 2022
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an...
Moderate
Unreviewed
CVE-2019-3562 was published May 24, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical
Unreviewed
CVE-2019-2725 was published May 24, 2022
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero...
High
Unreviewed
CVE-2019-9900 was published May 24, 2022
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the...
High
Unreviewed
CVE-2019-11354 was published May 24, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc
High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject...
Moderate
Unreviewed
CVE-2022-23068 was published May 19, 2022
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 ...
Moderate
Unreviewed
CVE-2022-30991 was published May 19, 2022
Ansible Arbitrary Code Execution
Critical
CVE-2014-4967 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution
Critical
CVE-2014-4966 was published for ansible (pip) May 17, 2022
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of...
Moderate
Unreviewed
CVE-2014-5084 was published May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted...
High
Unreviewed
CVE-2014-7844 was published May 17, 2022
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
High
Unreviewed
CVE-2014-4982 was published May 17, 2022
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
Critical
Unreviewed
CVE-2014-3700 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.