GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
437 advisories

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2019-20680 was published May 24, 2022

In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could...
Moderate | Unreviewed | CVE-2020-11647 was published May 24, 2022

MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate | CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022

An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina...
Moderate | Unreviewed | CVE-2020-3884 was published May 24, 2022

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a...
Moderate | Unreviewed | CVE-2020-6811 was published May 24, 2022

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname)...
Moderate | Unreviewed | CVE-2019-18860 was published May 24, 2022

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A...
Moderate | Unreviewed | CVE-2020-7982 was published May 24, 2022

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n...
Moderate | Unreviewed | CVE-2020-6581 was published May 24, 2022

GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially...
Moderate | Unreviewed | CVE-2020-10075 was published May 24, 2022

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi...
Moderate | Unreviewed | CVE-2020-10460 was published May 24, 2022

An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to...
Moderate | Unreviewed | CVE-2019-19614 was published May 24, 2022

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields...
Moderate | Unreviewed | CVE-2020-9372 was published May 24, 2022

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
Moderate | Unreviewed | CVE-2020-9466 was published May 24, 2022

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash....
Moderate | Unreviewed | CVE-2020-9428 was published May 24, 2022

LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Moderate | Unreviewed | CVE-2020-9017 was published May 24, 2022

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an...
Moderate | Unreviewed | CVE-2020-4161 was published May 24, 2022

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs...
Moderate | Unreviewed | CVE-2020-1790 was published May 24, 2022

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient...
Moderate | Unreviewed | CVE-2020-1811 was published May 24, 2022

component-flatten vulnerable to Prototype Pollution
Moderate | CVE-2019-10794 was published for component-flatten (npm) May 24, 2022

SuiteCRM through 7.11.11 allows PHAR Deserialization.
Moderate | Unreviewed | CVE-2020-8801 was published May 24, 2022

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP...
Moderate | Unreviewed | CVE-2020-5821 was published May 24, 2022

Zenario CMS vulnerable to CRLF injection
Moderate | CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan...
Moderate | Unreviewed | CVE-2020-7045 was published May 24, 2022

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan...
Moderate | Unreviewed | CVE-2020-7044 was published May 24, 2022

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class...
Moderate | Unreviewed | CVE-2019-11045 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.