GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,439
Erlang
29
GitHub Actions
16
Go
1,665
Maven
4,923
npm
3,453
NuGet
594
pip
2,854
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+
168 advisories
Filter by severity
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
Critical
Unreviewed
CVE-2022-28375
was published
Jul 15, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
High
Unreviewed
CVE-2022-28374
was published
Jul 15, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ...
Critical
Unreviewed
CVE-2022-34820
was published
Jul 13, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API
Moderate
CVE-2022-32549
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
Jun 23, 2022
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the...
High
Unreviewed
CVE-2022-23079
was published
Jun 23, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High
CVE-2022-29258
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page
High
CVE-2022-29252
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
May 25, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Improper Encoding or Escaping of Output in Apache Superset
Moderate
CVE-2021-42250
was published
for
apache-superset
(pip)
May 24, 2022
Stored XSS vulnerability in Jenkins Git Plugin
Moderate
CVE-2021-21684
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 24, 2022
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an...
Critical
Unreviewed
CVE-2021-33672
was published
May 24, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
Moderate
Unreviewed
CVE-2021-39367
was published
May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This...
Moderate
Unreviewed
CVE-2021-22254
was published
May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A...
Moderate
Unreviewed
CVE-2021-38751
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to...
Moderate
Unreviewed
CVE-2021-32067
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get...
Moderate
Unreviewed
CVE-2021-32072
was published
May 24, 2022
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being...
Moderate
Unreviewed
CVE-2021-20333
was published
May 24, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator...
High
Unreviewed
CVE-2021-23205
was published
May 24, 2022
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug...
Moderate
Unreviewed
CVE-2021-31806
was published
May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote...
High
Unreviewed
CVE-2020-4850
was published
May 24, 2022
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc...
Critical
Unreviewed
CVE-2021-28940
was published
May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows...
Moderate
Unreviewed
CVE-2020-29023
was published
May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized...
High
Unreviewed
CVE-2021-20405
was published
May 24, 2022
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can...
High
Unreviewed
CVE-2020-35475
was published
May 24, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter...
Moderate
Unreviewed
CVE-2020-28954
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API