GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count per ecosystem):

  All reviewed      5,000+
  Composer          4,237
  Erlang            31
  GitHub Actions    21
  Go                2,003
  Maven             5,000+
  npm               3,713
  NuGet             661
  pip               3,386
  Pub               11
  RubyGems          885
  Rust              851
  Swift             36

Unreviewed advisories:

  All unreviewed    5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
318 advisories
CVE ID          Severity  Status      Published     Summary
CVE-2021-44537  High      Unreviewed  Jan 16, 2022  ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop...
CVE-2021-43097  High      Unreviewed  Mar 30, 2022  A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction...
CVE-2022-28345  High      Unreviewed  Apr 16, 2022  The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders...
CVE-2022-27924  High      Unreviewed  Apr 22, 2022  Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject...
CVE-2021-43269  High      Unreviewed  Jan 21, 2022  In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy...
CVE-2020-8644   High      Unreviewed  May 24, 2022  PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
CVE-2020-17496  High      Unreviewed  May 24, 2022  vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an...
CVE-2020-5323   High      Unreviewed  May 24, 2022  Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME...
CVE-2020-23148  High      Unreviewed  May 24, 2022  The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to...
CVE-2020-18875  High      Unreviewed  May 24, 2022  Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges...
CVE-2021-30653  High      Unreviewed  May 24, 2022  This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14...
CVE-2020-23050  High      Unreviewed  May 24, 2022  TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection...
CVE-2022-43932  High      Unreviewed  Jan 5, 2023   Improper neutralization of special elements in output used by a downstream component ('Injection'...
CVE-2021-33195  High      Unreviewed  May 24, 2022  Go before 1.15.12 and 1.16.x before 1.16.5 allows injection.
CVE-2021-25682  High      Unreviewed  May 24, 2022  It was discovered that the get_pid_info() function in data/apport did not properly parse the ...
CVE-2021-36913  High      Unreviewed  Oct 11, 2022  Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for...
CVE-2021-36668  High      Unreviewed  Jul 13, 2022  URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary...
CVE-2017-9133   High      Unreviewed  May 17, 2022  An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2...
CVE-2017-2140   High      Unreviewed  May 17, 2022  Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of...
CVE-2022-31593  High      Unreviewed  Jul 13, 2022  SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code...
CVE-2017-9135   High      Unreviewed  May 17, 2022  An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2...
CVE-2015-8258   High      Unreviewed  May 17, 2022  AXIS Communications products with firmware through 5.80.x allow remote attackers to modify...
CVE-2022-26654  High      Unreviewed  Jul 18, 2022  Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
CVE-2017-5585   High      Unreviewed  May 17, 2022  OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL...
CVE-2015-3200   High      Unreviewed  May 17, 2022  mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a...
Advisories are also available from the GraphQL API.