Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Link injection in SimpleSAMLphp Low
GHSA-2r3v-q9x3-7g46 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
hyp3rlinx
Users with SCRIPT right can execute arbitrary code in XWiki Low
CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020
XSS in HtmlSanitizer Low
CVE-2020-26293 was published for HtmlSanitizer (NuGet) Jan 4, 2021
Aliases are never checked in helm Low
CVE-2020-15184 was published for helm.sh/helm (Go) May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm Low
CVE-2020-15185 was published for helm.sh/helm (Go) May 24, 2021
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible Low Unreviewed
CVE-2022-29816 was published Apr 29, 2022
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with... Low Unreviewed
CVE-2005-3007 was published May 1, 2022
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and... Low Unreviewed
CVE-2008-0456 was published May 1, 2022
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0... Low Unreviewed
CVE-2015-0116 was published May 17, 2022
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish... Low Unreviewed
CVE-2019-1010310 was published May 24, 2022
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2... Low Unreviewed
CVE-2017-18860 was published May 24, 2022
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. Low Unreviewed
CVE-2020-13480 was published May 24, 2022
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can... Low Unreviewed
CVE-2020-14965 was published May 24, 2022
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private... Low Unreviewed
CVE-2020-15011 was published May 24, 2022
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a... Low Unreviewed
CVE-2020-1443 was published May 24, 2022
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the... Low Unreviewed
CVE-2020-25048 was published May 24, 2022
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains... Low Unreviewed
CVE-2020-16230 was published May 24, 2022
Unsanitized input leading to code injection in Dalli Low
CVE-2022-4064 was published for dalli (RubyGems) Nov 19, 2022
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID... Low Unreviewed
CVE-2023-29383 was published Apr 15, 2023
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can... Low Unreviewed
CVE-2022-23721 was published Apr 25, 2023
Magnesium-PHP Injection vulnerability Low
CVE-2017-20187 was published for floriangaerber/magnesium (Composer) Nov 5, 2023
Mattermost Injection vulnerability Low
CVE-2023-35075 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit... Low Unreviewed
CVE-2023-6004 was published Jan 3, 2024
ProTip! Advisories are also available from the GraphQL API