Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Log Forging in generator-jhipster-kotlin Moderate
CVE-2020-4072 was published for generator-jhipster-kotlin (npm) Jun 25, 2020
Shopware's log module vulnerable to Improper Output Neutralization Low
CVE-2023-22733 was published for shopware/core (Composer) Jan 20, 2023
Log Injection in Apache Sling Commons Log and Apache Sling API Moderate
CVE-2022-32549 was published for org.apache.sling:org.apache.sling.api (Maven) Jun 23, 2022
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable... Moderate Unreviewed
CVE-2022-1522 was published Sep 7, 2022
Temporary urls leaked via logging Low
CVE-2017-8761 was published for swift (pip) Jun 8, 2021
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an... Critical Unreviewed
CVE-2015-10011 was published Jan 3, 2023
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines High
CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the... Moderate Unreviewed
CVE-2019-14854 was published May 24, 2022
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when... Moderate Unreviewed
CVE-2018-10932 was published May 13, 2022
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the... Moderate Unreviewed
CVE-2023-0595 was published Feb 24, 2023
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue... Critical Unreviewed
CVE-2022-4011 was published Nov 16, 2022
Sensitive Data Exposure in Openshift Container Platform Moderate Unreviewed
CVE-2019-10213 was published May 17, 2021
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated... High Unreviewed
CVE-2023-6002 was published Nov 8, 2023
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7... Moderate Unreviewed
CVE-2023-46713 was published Dec 13, 2023
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability... High Unreviewed
CVE-2023-3997 was published Jul 31, 2023
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected... Moderate Unreviewed
CVE-2023-7234 was published Jan 16, 2024
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being... Moderate Unreviewed
CVE-2021-20333 was published May 24, 2022
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate... Moderate Unreviewed
CVE-2023-38020 was published Feb 2, 2024
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed... Low Unreviewed
CVE-2024-22229 was published Jan 24, 2024
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1... Moderate Unreviewed
CVE-2024-0987 was published Jan 29, 2024
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can... High Unreviewed
CVE-2023-4571 was published Aug 30, 2023
Potential log injection in reset user endpoint in CKAN Moderate
CVE-2024-27097 was published for ckan (pip) Mar 13, 2024
ZuhairORZaki
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM... Moderate Unreviewed
CVE-2024-22356 was published Mar 26, 2024
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that... Moderate Unreviewed
CVE-2023-1711 was published May 30, 2023
ProTip! Advisories are also available from the GraphQL API