GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
213 advisories
Filter by severity
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High
CVE-2022-29258
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page
High
CVE-2022-29252
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
May 25, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Improper Encoding or Escaping of Output in Apache Superset
High
CVE-2021-42250
was published
for
apache-superset
(pip)
May 24, 2022
Stored XSS vulnerability in Jenkins Git Plugin
Moderate
CVE-2021-21684
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 24, 2022
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an...
Critical
Unreviewed
CVE-2021-33672
was published
May 24, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
Moderate
Unreviewed
CVE-2021-39367
was published
May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This...
Moderate
Unreviewed
CVE-2021-22254
was published
May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A...
Moderate
Unreviewed
CVE-2021-38751
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to...
Moderate
Unreviewed
CVE-2021-32067
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get...
Moderate
Unreviewed
CVE-2021-32072
was published
May 24, 2022
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being...
Moderate
Unreviewed
CVE-2021-20333
was published
May 24, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator...
High
Unreviewed
CVE-2021-23205
was published
May 24, 2022
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug...
Moderate
Unreviewed
CVE-2021-31806
was published
May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote...
High
Unreviewed
CVE-2020-4850
was published
May 24, 2022
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc...
Critical
Unreviewed
CVE-2021-28940
was published
May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows...
Moderate
Unreviewed
CVE-2020-29023
was published
May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized...
High
Unreviewed
CVE-2021-20405
was published
May 24, 2022
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can...
High
Unreviewed
CVE-2020-35475
was published
May 24, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter...
Moderate
Unreviewed
CVE-2020-28954
was published
May 24, 2022
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly...
High
Unreviewed
CVE-2020-24849
was published
May 24, 2022
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private...
High
Unreviewed
CVE-2020-25646
was published
May 24, 2022
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for...
Moderate
Unreviewed
CVE-2020-27604
was published
May 24, 2022
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x...
High
Unreviewed
CVE-2020-26116
was published
May 24, 2022
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to...
Moderate
Unreviewed
CVE-2020-24972
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API