Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,207
Maven
5,000+
npm
3,858
NuGet
696
pip
3,639
Pub
12
RubyGems
913
Rust
918
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

73 advisories

Loading
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site... Moderate Unreviewed
CVE-2023-37875 was published Sep 14, 2023
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning. Moderate Unreviewed
CVE-2022-31458 was published Jul 25, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15... Moderate Unreviewed
CVE-2023-2200 was published Jul 13, 2023
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10,... Moderate Unreviewed
CVE-2023-36919 was published Jul 11, 2023
When copying a network request from the developer tools panel as a curl command the output was... Moderate Unreviewed
CVE-2023-23599 was published Jun 2, 2023
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that... Moderate Unreviewed
CVE-2023-1711 was published May 30, 2023
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@'... Moderate Unreviewed
CVE-2023-31669 was published May 23, 2023
Sudo before 1.9.13 does not escape control characters in log messages. Moderate Unreviewed
CVE-2023-28486 was published Mar 16, 2023
Sudo before 1.9.13 does not escape control characters in sudoreplay output. Moderate Unreviewed
CVE-2023-28487 was published Mar 16, 2023
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the... Moderate Unreviewed
CVE-2023-0595 was published Feb 24, 2023
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection... Moderate Unreviewed
CVE-2022-45102 was published Feb 1, 2023
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability... Moderate Unreviewed
CVE-2015-10040 was published Jan 13, 2023
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through... Moderate Unreviewed
CVE-2021-38997 was published Dec 12, 2022
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation... Moderate Unreviewed
CVE-2022-0421 was published Nov 21, 2022
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP... Moderate Unreviewed
CVE-2022-34316 was published Nov 15, 2022
The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in... Moderate Unreviewed
CVE-2022-2241 was published Aug 2, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Moderate Unreviewed
CVE-2021-39367 was published May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This... Moderate Unreviewed
CVE-2021-22254 was published May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A... Moderate Unreviewed
CVE-2021-38751 was published May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to... Moderate Unreviewed
CVE-2021-32067 was published May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get... Moderate Unreviewed
CVE-2021-32072 was published May 24, 2022
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being... Moderate Unreviewed
CVE-2021-20333 was published May 24, 2022
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug... Moderate Unreviewed
CVE-2021-31806 was published May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows... Moderate Unreviewed
CVE-2020-29023 was published May 24, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter... Moderate Unreviewed
CVE-2020-28954 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database