Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,996
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,545
NuGet
620
pip
3,136
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

459 advisories

Loading
A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the... High Unreviewed
CVE-2017-20161 was published Jan 2, 2023
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who... High Unreviewed
CVE-2022-46873 was published Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by... High Unreviewed
CVE-2022-43883 was published Dec 19, 2022
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via... High Unreviewed
CVE-2022-3724 was published Dec 9, 2022
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This... High Unreviewed
CVE-2022-4322 was published Dec 7, 2022
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some... High Unreviewed
CVE-2022-4300 was published Dec 6, 2022
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is... High Unreviewed
CVE-2022-4282 was published Dec 5, 2022
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and... High Unreviewed
CVE-2022-35507 was published Dec 4, 2022
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is... High Unreviewed
CVE-2022-3967 was published Nov 13, 2022
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on... High Unreviewed
CVE-2022-41716 was published Nov 2, 2022
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated... High Unreviewed
CVE-2022-39016 was published Nov 1, 2022
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all... High Unreviewed
CVE-2022-3060 was published Oct 17, 2022
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for... High Unreviewed
CVE-2021-36913 was published Oct 11, 2022
By sending specific queries to the resolver, an attacker can cause named to crash. High Unreviewed
CVE-2022-3080 was published Sep 22, 2022
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options.... High Unreviewed
CVE-2022-37027 was published Sep 22, 2022
An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an... High Unreviewed
CVE-2022-37108 was published Sep 8, 2022
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. High Unreviewed
CVE-2022-33900 was published Aug 23, 2022
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable... High Unreviewed
CVE-2022-38357 was published Aug 16, 2022
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600... High Unreviewed
CVE-2022-36323 was published Aug 11, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code... High Unreviewed
CVE-2022-31665 was published Aug 6, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code... High Unreviewed
CVE-2022-31658 was published Aug 6, 2022
ProTip! Advisories are also available from the GraphQL API