GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
40 advisories

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Low | CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022

Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect...
Low | Unreviewed | CVE-2006-0388 was published May 1, 2022

PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2...
Low | Unreviewed | CVE-2006-0723 was published May 1, 2022

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to...
Low | Unreviewed | CVE-2006-4624 was published May 1, 2022

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not...
Low | Unreviewed | CVE-2008-3294 was published May 1, 2022

CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM...
Low | Unreviewed | CVE-2010-0155 was published May 2, 2022

Users with SCRIPT right can execute arbitrary code in XWiki
Low | CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020

Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to...
Low | Unreviewed | CVE-2012-4791 was published May 14, 2022

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before...
Low | Unreviewed | CVE-2012-4049 was published May 14, 2022

epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6...
Low | Unreviewed | CVE-2012-1594 was published May 14, 2022

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1...
Low | Unreviewed | CVE-2012-4048 was published May 17, 2022

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere...
Low | Unreviewed | CVE-2013-3998 was published May 17, 2022

CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before...
Low | Unreviewed | CVE-2013-2950 was published May 17, 2022

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in...
Low | Unreviewed | CVE-2012-3355 was published May 17, 2022

Withdrawn: Code Injection in loguru
Low | CVE-2022-0329 was published for loguru (pip) Jan 28, 2022 • withdrawn

cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
Low | Unreviewed | CVE-2018-20896 was published May 24, 2022

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This...
Low | Unreviewed | CVE-2023-33229 was published Jul 26, 2023

A potential JSON injection attack vector exists in PingFederate REST API data stores using the...
Low | Unreviewed | CVE-2024-21832 was published Jul 10, 2024

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by...
Low | Unreviewed | CVE-2024-3995 was published Jun 29, 2024

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options...
Low | Unreviewed | CVE-2024-8258 was published Sep 10, 2024

An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote...
Low | Unreviewed | CVE-2024-28811 was published Sep 30, 2024

A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an...
Low | Unreviewed | CVE-2025-1465 was published Feb 19, 2025

An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021...
Low | Unreviewed | CVE-2021-41527 was published Feb 7, 2025

Apache Kylin Code Injection via JDBC Configuration Alteration
Low | CVE-2025-30067 was published for org.apache.kylin:kylin (Maven) Mar 27, 2025