Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

139 advisories

Loading
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue... Critical Unreviewed
CVE-2022-4011 was published Nov 16, 2022
A vulnerability has been found in Activity Log Plugin and classified as critical. This... Critical Unreviewed
CVE-2022-3941 was published Nov 11, 2022
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Critical Unreviewed
CVE-2022-27858 was published Nov 9, 2022
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper... Critical Unreviewed
CVE-2021-38395 was published Oct 28, 2022
BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in... Critical Unreviewed
CVE-2020-27602 was published Sep 30, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to... Critical Unreviewed
CVE-2022-3236 was published Sep 25, 2022
Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can... Critical Unreviewed
CVE-2022-34773 was published Aug 23, 2022
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows... Critical Unreviewed
CVE-2022-34294 was published Aug 16, 2022
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A... Critical Unreviewed
CVE-2022-31657 was published Aug 6, 2022
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as... Critical Unreviewed
CVE-2016-15004 was published Jul 24, 2022
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is... Critical Unreviewed
CVE-2022-34914 was published Jul 9, 2022
There is an object injection vulnerability in swfupload plugin for wordpress. Critical Unreviewed
CVE-2013-4144 was published Jul 1, 2022
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be... Critical Unreviewed
CVE-2022-32534 was published Jun 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local... Critical Unreviewed
CVE-2022-32269 was published Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. Critical Unreviewed
CVE-2021-43185 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... Critical Unreviewed
CVE-2021-38458 was published May 24, 2022
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote... Critical Unreviewed
CVE-2021-41392 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36022 was published May 24, 2022
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed
CVE-2021-20509 was published May 24, 2022
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that... Critical Unreviewed
CVE-2021-22910 was published May 24, 2022
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an... Critical Unreviewed
CVE-2021-3169 was published May 24, 2022
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to... Critical Unreviewed
CVE-2021-20736 was published May 24, 2022
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host... Critical Unreviewed
CVE-2018-25016 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database