GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
390 advisories
Filter by severity
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Moderate
Unreviewed
CVE-2021-43961
was published
Mar 19, 2022
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious...
Moderate
Unreviewed
CVE-2021-43441
was published
Dec 21, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14...
Moderate
Unreviewed
CVE-2021-39910
was published
Dec 14, 2021
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured...
Moderate
Unreviewed
CVE-2021-27493
was published
Apr 3, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the...
Moderate
Unreviewed
CVE-2021-22055
was published
Apr 12, 2022
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate
Unreviewed
CVE-2021-42117
was published
Dec 1, 2021
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious...
Moderate
Unreviewed
CVE-2021-29416
was published
May 24, 2022
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation...
Moderate
Unreviewed
CVE-2021-42663
was published
May 24, 2022
Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.
Moderate
Unreviewed
CVE-2021-40658
was published
Jun 15, 2022
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to...
Moderate
Unreviewed
CVE-2022-29269
was published
Jun 30, 2022
Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not...
Moderate
Unreviewed
CVE-2017-0154
was published
May 17, 2022
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A...
Moderate
Unreviewed
CVE-2021-20543
was published
Jun 25, 2022
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper...
Moderate
Unreviewed
CVE-2022-34306
was published
Jul 9, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is...
Moderate
Unreviewed
CVE-2021-39028
was published
Jul 15, 2022
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could...
Moderate
Unreviewed
CVE-2022-34160
was published
Jul 9, 2022
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users...
Moderate
Unreviewed
CVE-2016-0881
was published
May 17, 2022
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in...
Moderate
Unreviewed
CVE-2013-6501
was published
May 17, 2022
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie...
Moderate
Unreviewed
CVE-2015-5841
was published
May 17, 2022
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to...
Moderate
Unreviewed
CVE-2021-27611
was published
May 24, 2022
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an...
Moderate
Unreviewed
CVE-2022-36302
was published
Aug 2, 2022
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf...
Moderate
Unreviewed
CVE-2015-2704
was published
May 17, 2022
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM...
Moderate
Unreviewed
CVE-2015-7466
was published
May 17, 2022
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1...
Moderate
Unreviewed
CVE-2015-0169
was published
May 17, 2022
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the...
Moderate
Unreviewed
CVE-2015-0931
was published
May 17, 2022
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is...
Moderate
Unreviewed
CVE-2022-40958
was published
Dec 22, 2022
ProTip!
Advisories are also available from the
GraphQL API