GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,996
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,545
NuGet: 620
pip: 3,136
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
459 advisories
A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the...
High | Unreviewed | CVE-2017-20161 was published Jan 2, 2023

Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who...
High | Unreviewed | CVE-2022-46873 was published Dec 22, 2022

dustjs-linkedin vulnerable to Prototype Pollution
High | CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by...
High | Unreviewed | CVE-2022-43883 was published Dec 19, 2022

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via...
High | Unreviewed | CVE-2022-3724 was published Dec 9, 2022

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This...
High | Unreviewed | CVE-2022-4322 was published Dec 7, 2022

A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some...
High | Unreviewed | CVE-2022-4300 was published Dec 6, 2022

A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is...
High | Unreviewed | CVE-2022-4282 was published Dec 5, 2022

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and...
High | Unreviewed | CVE-2022-35507 was published Dec 4, 2022

Account Takeover Through Password Reset Poisoning
High | CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is...
High | Unreviewed | CVE-2022-3967 was published Nov 13, 2022

Withdrawn: Octocat.js vulnerable to code injection
High | CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 | withdrawn

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
High | Unreviewed | CVE-2022-41716 was published Nov 2, 2022

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated...
High | Unreviewed | CVE-2022-39016 was published Nov 1, 2022

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all...
High | Unreviewed | CVE-2022-3060 was published Oct 17, 2022

Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for...
High | Unreviewed | CVE-2021-36913 was published Oct 11, 2022

By sending specific queries to the resolver, an attacker can cause named to crash.
High | Unreviewed | CVE-2022-3080 was published Sep 22, 2022

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options....
High | Unreviewed | CVE-2022-37027 was published Sep 22, 2022

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an...
High | Unreviewed | CVE-2022-37108 was published Sep 8, 2022

PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
High | Unreviewed | CVE-2022-33900 was published Aug 23, 2022

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable...
High | Unreviewed | CVE-2022-38357 was published Aug 16, 2022

A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600...
High | Unreviewed | CVE-2022-36323 was published Aug 11, 2022

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code...
High | Unreviewed | CVE-2022-31665 was published Aug 6, 2022

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code...
High | Unreviewed | CVE-2022-31658 was published Aug 6, 2022
ProTip! Advisories are also available from the GraphQL API