Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

186 advisories

Loading
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
Improper Encoding or Escaping of Output in Apache Superset Moderate
CVE-2021-42250 was published for apache-superset (pip) May 24, 2022
Stored XSS vulnerability in Jenkins Git Plugin Moderate
CVE-2021-21684 was published for org.jenkins-ci.plugins:git (Maven) May 24, 2022
NotMyFault
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an... Critical Unreviewed
CVE-2021-33672 was published May 24, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Moderate Unreviewed
CVE-2021-39367 was published May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This... Moderate Unreviewed
CVE-2021-22254 was published May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A... Moderate Unreviewed
CVE-2021-38751 was published May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to... Moderate Unreviewed
CVE-2021-32067 was published May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get... Moderate Unreviewed
CVE-2021-32072 was published May 24, 2022
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being... Moderate Unreviewed
CVE-2021-20333 was published May 24, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator... High Unreviewed
CVE-2021-23205 was published May 24, 2022
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug... Moderate Unreviewed
CVE-2021-31806 was published May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote... High Unreviewed
CVE-2020-4850 was published May 24, 2022
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc... Critical Unreviewed
CVE-2021-28940 was published May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows... Moderate Unreviewed
CVE-2020-29023 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized... High Unreviewed
CVE-2021-20405 was published May 24, 2022
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can... High Unreviewed
CVE-2020-35475 was published May 24, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter... Moderate Unreviewed
CVE-2020-28954 was published May 24, 2022
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly... High Unreviewed
CVE-2020-24849 was published May 24, 2022
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private... High Unreviewed
CVE-2020-25646 was published May 24, 2022
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for... Moderate Unreviewed
CVE-2020-27604 was published May 24, 2022
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x... High Unreviewed
CVE-2020-26116 was published May 24, 2022
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to... Moderate Unreviewed
CVE-2020-24972 was published May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)... High Unreviewed
CVE-2019-12675 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API