GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,246
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
186 advisories
Filter by severity
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)...
High
Unreviewed
CVE-2019-12674
was published
May 24, 2022
LibreOffice documents can contain macros. The execution of those macros is controlled by the...
High
Unreviewed
CVE-2019-9853
was published
May 24, 2022
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe...
Moderate
Unreviewed
CVE-2019-15944
was published
May 24, 2022
Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10362
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
A vulnerability exists where the caret ("^") character is improperly escaped constructing some...
Moderate
Unreviewed
CVE-2019-11717
was published
May 24, 2022
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows...
Moderate
Unreviewed
CVE-2019-3571
was published
May 24, 2022
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary...
High
Unreviewed
CVE-2018-16386
was published
May 24, 2022
Command injection in Apache Maven maven-shared-utils
Critical
CVE-2022-29599
was published
for
org.apache.maven.shared:maven-shared-utils
(Maven)
May 24, 2022
Cross-site Scripting in Jenkins Random String Parameter Plugin
Moderate
CVE-2022-30966
was published
for
org.jenkins-ci.plugins:random-string-parameter
(Maven)
May 18, 2022
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special...
High
Unreviewed
CVE-2016-3063
was published
May 17, 2022
Shell command injection in gitea
High
CVE-2022-30781
was published
for
code.gitea.io/gitea
(Go)
May 17, 2022
Log value insertion in craftercms
Moderate
CVE-2021-23266
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,...
Critical
Unreviewed
CVE-2018-9246
was published
May 14, 2022
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,...
Moderate
Unreviewed
CVE-2017-12340
was published
May 13, 2022
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior...
High
Unreviewed
CVE-2017-12064
was published
May 13, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows...
Critical
Unreviewed
CVE-2017-8303
was published
May 13, 2022
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1...
High
Unreviewed
CVE-2014-9938
was published
May 13, 2022
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display...
Moderate
Unreviewed
CVE-2019-6109
was published
May 13, 2022
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps...
Moderate
Unreviewed
CVE-2019-0857
was published
May 13, 2022
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8...
High
Unreviewed
CVE-2018-8609
was published
May 13, 2022
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ...
Moderate
Unreviewed
CVE-2018-2389
was published
May 13, 2022
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager ...
High
Unreviewed
CVE-2018-8920
was published
May 13, 2022
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended...
High
Unreviewed
CVE-2013-4547
was published
May 13, 2022
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a...
High
Unreviewed
CVE-2016-2568
was published
May 13, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for...
Moderate
Unreviewed
CVE-2021-39027
was published
May 7, 2022
ProTip!
Advisories are also available from the
GraphQL API