Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,480
Erlang
29
GitHub Actions
16
Go
1,694
Maven
4,936
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

22 advisories

In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-0325 was published Feb 2, 2024
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This... Low Unreviewed
CVE-2023-33229 was published Jul 26, 2023
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid Low
CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022
sjwall
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). Low Unreviewed
CVE-2018-20896 was published May 24, 2022
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3,... Low Unreviewed
CVE-2010-3172 was published May 17, 2022
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in... Low Unreviewed
CVE-2012-3355 was published May 17, 2022
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before... Low Unreviewed
CVE-2013-2950 was published May 17, 2022
CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere... Low Unreviewed
CVE-2013-3998 was published May 17, 2022
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1... Low Unreviewed
CVE-2012-4048 was published May 17, 2022
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6... Low Unreviewed
CVE-2012-1594 was published May 14, 2022
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before... Low Unreviewed
CVE-2012-4049 was published May 14, 2022
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to... Low Unreviewed
CVE-2012-4791 was published May 14, 2022
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM... Low Unreviewed
CVE-2010-0155 was published May 2, 2022
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not... Low Unreviewed
CVE-2008-3294 was published May 1, 2022
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and... Low Unreviewed
CVE-2008-0456 was published May 1, 2022
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to... Low Unreviewed
CVE-2006-4624 was published May 1, 2022
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*... Low Unreviewed
CVE-2006-2312 was published May 1, 2022
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2... Low Unreviewed
CVE-2006-0723 was published May 1, 2022
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect... Low Unreviewed
CVE-2006-0388 was published May 1, 2022
Withdrawn: Code Injection in loguru Low
CVE-2022-0329 was published for loguru (pip) Jan 28, 2022 withdrawn
Users with SCRIPT right can execute arbitrary code in XWiki Low
CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020
Prototype Pollution in Dojox Low
CVE-2020-5259 was published for dojox (npm) Mar 10, 2020
ProTip! Advisories are also available from the GraphQL API