GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
549 advisories
Filter by severity
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
CSS Injection in Chartkick gem
Moderate
CVE-2020-16254
was published
for
chartkick
(RubyGems)
Aug 12, 2020
Authenticated remote code execution
Moderate
GHSA-pjj4-jjgc-h3r8
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
File upload local preview can run embedded scripts after user interaction
Moderate
GHSA-8796-gc9j-63rv
was published
for
matrix-react-sdk
(npm)
May 17, 2021
Injection in DeltaSpike
Moderate
CVE-2019-12416
was published
for
org.apache.deltaspike:deltaspike
(Maven)
Feb 10, 2022
Apache Superset vulnerable to Injection
Moderate
CVE-2022-43720
was published
for
apache-superset
(pip)
Jan 16, 2023
Injection in MockServer
Moderate
CVE-2021-32827
was published
for
org.mock-server:mockserver
(Maven)
Aug 30, 2021
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Moderate
Unreviewed
CVE-2021-43961
was published
Mar 19, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14...
Moderate
Unreviewed
CVE-2021-39910
was published
Dec 14, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious...
Moderate
Unreviewed
CVE-2021-43441
was published
Dec 21, 2021
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured...
Moderate
Unreviewed
CVE-2021-27493
was published
Apr 3, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the...
Moderate
Unreviewed
CVE-2021-22055
was published
Apr 12, 2022
Injection in Jenkins
Moderate
CVE-2018-1000193
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate
Unreviewed
CVE-2021-42117
was published
Dec 1, 2021
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious...
Moderate
Unreviewed
CVE-2021-29416
was published
May 24, 2022
http before 0.13.3 vulnerable to header injection
Moderate
CVE-2020-35669
was published
for
http
(Pub)
May 24, 2022
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation...
Moderate
Unreviewed
CVE-2021-42663
was published
May 24, 2022
Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.
Moderate
Unreviewed
CVE-2021-40658
was published
Jun 15, 2022
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to...
Moderate
Unreviewed
CVE-2022-29269
was published
Jun 30, 2022
Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not...
Moderate
Unreviewed
CVE-2017-0154
was published
May 17, 2022
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A...
Moderate
Unreviewed
CVE-2021-20543
was published
Jun 25, 2022
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper...
Moderate
Unreviewed
CVE-2022-34306
was published
Jul 9, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is...
Moderate
Unreviewed
CVE-2021-39028
was published
Jul 15, 2022
ProTip!
Advisories are also available from the
GraphQL API