GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
Denial of service (DoS) when processing Git credentials
Moderate
CVE-2022-43756
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Apache Superset vulnerable to Injection
Moderate
CVE-2022-43720
was published
for
apache-superset
(pip)
Jan 16, 2023
Froxlor vulnerable to Argument Injection
Moderate
CVE-2022-4864
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Apache Spark vulnerable to Log Injection
Moderate
CVE-2022-31777
was published
for
org.apache.spark:spark-core
(Maven)
Nov 1, 2022
OctoPrint vulnerable to Special Element Injection
Moderate
CVE-2022-3607
was published
for
OctoPrint
(pip)
Oct 19, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Moderate
CVE-2022-39217
was published
for
some-natalie/ghas-to-csv
(GitHub Actions)
Sep 16, 2022
Feehi CMS host header injection vulnerability
Moderate
CVE-2022-38796
was published
for
feehi/cms
(Composer)
Sep 15, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML
Moderate
CVE-2022-31108
was published
for
mermaid
(npm)
Jul 5, 2022
http before 0.13.3 vulnerable to header injection
Moderate
CVE-2020-35669
was published
for
http
(Pub)
May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
component-flatten vulnerable to Prototype Pollution
Moderate
CVE-2019-10794
was published
for
component-flatten
(npm)
May 24, 2022
Zenario CMS vulnerable to CRLF injection
Moderate
CVE-2015-3154
was published
for
zendframework/zend-http
(Composer)
May 24, 2022
Magento 2 Community Edition Injection Vulnerability
Moderate
CVE-2019-7889
was published
for
magento/community-edition
(Composer)
May 24, 2022
SilverStripe CSV Excel Macro Injection
Moderate
CVE-2017-18049
was published
for
silverstripe/framework
(Composer)
May 14, 2022
Moodle Does Not Escape Characters In Email Headers
Moderate
CVE-2016-5013
was published
for
moodle/moodle
(Composer)
May 13, 2022
Injection in Jenkins
Moderate
CVE-2018-1000193
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Features file injection vulnerability
Moderate
CVE-2013-4318
was published
for
features
(RubyGems)
May 5, 2022
Improper file handling in matrix-react-sdk
Moderate
CVE-2021-32622
was published
for
matrix-react-sdk
(npm)
Feb 10, 2022
Injection in Apache Archiva
Moderate
CVE-2020-9495
was published
for
org.apache.archiva:archiva
(Maven)
Feb 10, 2022
Injection in DeltaSpike
Moderate
CVE-2019-12416
was published
for
org.apache.deltaspike:deltaspike
(Maven)
Feb 10, 2022
Prototype Pollution in undefsafe
Moderate
CVE-2019-10795
was published
for
undefsafe
(npm)
Feb 9, 2022
Prototype Pollution in dot-object
Moderate
CVE-2019-10793
was published
for
dot-object
(npm)
Feb 9, 2022
Credentials bypass in Apache Druid
Moderate
CVE-2020-1958
was published
for
org.apache.druid:druid
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API