Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

76 advisories

Loading
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core (Maven) Nov 1, 2022
kurt-r2c
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie
Feehi CMS host header injection vulnerability Moderate
CVE-2022-38796 was published for feehi/cms (Composer) Sep 15, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
http before 0.13.3 vulnerable to header injection Moderate
CVE-2020-35669 was published for http (Pub) May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
component-flatten vulnerable to Prototype Pollution Moderate
CVE-2019-10794 was published for component-flatten (npm) May 24, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
Magento 2 Community Edition Injection Vulnerability Moderate
CVE-2019-7889 was published for magento/community-edition (Composer) May 24, 2022
SilverStripe CSV Excel Macro Injection Moderate
CVE-2017-18049 was published for silverstripe/framework (Composer) May 14, 2022
Moodle Does Not Escape Characters In Email Headers Moderate
CVE-2016-5013 was published for moodle/moodle (Composer) May 13, 2022
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
richardfan0606
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
Injection in Apache Archiva Moderate
CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) Feb 10, 2022
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Prototype Pollution in undefsafe Moderate
CVE-2019-10795 was published for undefsafe (npm) Feb 9, 2022
RDIL
Prototype Pollution in dot-object Moderate
CVE-2019-10793 was published for dot-object (npm) Feb 9, 2022
RDIL
Credentials bypass in Apache Druid Moderate
CVE-2020-1958 was published for org.apache.druid:druid (Maven) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API