Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

529 advisories

Loading
HTTP Response Splitting in Styx Moderate
CVE-2020-6858 was published for com.hotels.styx:styx-api (Maven) Mar 3, 2020
JLLeitschuh
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Moderate Unreviewed
CVE-2021-43961 was published Mar 19, 2022
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
http before 0.13.3 vulnerable to header injection Moderate
CVE-2020-35669 was published for http (Pub) May 24, 2022
ProTip! Advisories are also available from the GraphQL API