GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
467 advisories
snipe-IT vulnerable to host header injection
High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded...
High
Unreviewed
CVE-2015-8800 was published May 13, 2022
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a...
High
Unreviewed
CVE-2019-9614 was published May 13, 2022
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated,...
High
Unreviewed
CVE-2018-0313 was published May 13, 2022
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a...
High
Unreviewed
CVE-2018-18250 was published May 13, 2022
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue...
High
Unreviewed
CVE-2018-4106 was published May 13, 2022
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone,...
High
Unreviewed
CVE-2018-7032 was published May 13, 2022
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by...
High
Unreviewed
CVE-2017-17531 was published May 13, 2022
** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate...
High
Unreviewed
CVE-2017-17518 was published May 13, 2022
PEAR core file overwrite vulnerability
High
CVE-2017-5630 was published for pear/pear (Composer) May 13, 2022
uiutil.c in FontForge through 20170731 does not validate strings before launching the program...
High
Unreviewed
CVE-2017-17521 was published May 13, 2022
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary ...
High
Unreviewed
CVE-2015-4075 was published May 13, 2022
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks,...
High
Unreviewed
CVE-2018-9062 was published May 13, 2022
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper...
High
Unreviewed
CVE-2018-18992 was published May 13, 2022
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk...
High
Unreviewed
CVE-2017-6015 was published May 13, 2022
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An ...
High
Unreviewed
CVE-2017-6031 was published May 13, 2022
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort...
High
Unreviewed
CVE-2017-16719 was published May 13, 2022
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7...
High
Unreviewed
CVE-2015-1592 was published May 13, 2022
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ...
High
Unreviewed
CVE-2017-3547 was published May 13, 2022
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an...
High
Unreviewed
CVE-2017-6748 was published May 13, 2022
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to...
High
Unreviewed
CVE-2017-6971 was published May 13, 2022
ntopng before 3.0 allows HTTP Response Splitting.
High
Unreviewed
CVE-2017-7459 was published May 13, 2022
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as...
High
Unreviewed
CVE-2018-20167 was published May 13, 2022
** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses...
High
Unreviewed
CVE-2017-14523 was published May 14, 2022
Opencast RCE Vulnerability
High
CVE-2017-1000217 was published for org.opencastproject:base (Maven) May 14, 2022