GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
137,193 advisories
Cross-site Scripting in microweber
Moderate, CVE-2022-0928 was published for microweber/microweber (Composer), Mar 12, 2022

SSRF in repository migration
Moderate, CVE-2022-0870 was published for gogs.io/gogs (Go), Mar 12, 2022

Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub...
Moderate, Unreviewed, CVE-2021-33150 was published Mar 12, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Moderate, Unreviewed, CVE-2022-0822 was published Mar 12, 2022

Unrestricted Upload of File with Dangerous Type in microweber
Moderate, CVE-2022-0912 was published for microweber/microweber (Composer), Mar 12, 2022

Spoofing attack in swagger-ui-dist
Moderate, CVE-2021-46708 was published for swagger-ui-dist (npm), Mar 12, 2022

Path traversal in FreeTAKServer-UI
Moderate, CVE-2022-25511 was published for FreeTAKServer-UI (pip), Mar 12, 2022

SQL Injection in FreeTAKServer-UI
Moderate, CVE-2022-25506 was published for FreeTAKServer-UI (pip), Mar 12, 2022

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for...
Moderate, Unreviewed, CVE-2022-0280 was published Mar 12, 2022

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following...
Moderate, Unreviewed, CVE-2021-41849 was published Mar 13, 2022

Sudden swap of user auth tokens in Volto
Moderate, CVE-2022-24740 was published for @plone/volto (npm), Mar 14, 2022

Cross-site Scripting in ShowDoc
Moderate, CVE-2022-0962 was published for showdoc/showdoc (Composer), Mar 15, 2022

An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
Moderate, Unreviewed, CVE-2022-26276 was published Mar 13, 2022

Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Moderate, Unreviewed, CVE-2022-0820 was published Mar 12, 2022

Cross-site Scripting in ShowDoc
Moderate, CVE-2022-0880 was published for showdoc/showdoc (Composer), Mar 13, 2022

The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape...
Moderate, Unreviewed, CVE-2022-0248 was published Mar 15, 2022

An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type...
Moderate, Unreviewed, CVE-2021-42262 was published Mar 13, 2022

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown...
Moderate, Unreviewed, CVE-2021-45888 was published Mar 14, 2022

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to...
Moderate, Unreviewed, CVE-2021-24966 was published Mar 15, 2022

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection...
Moderate, Unreviewed, CVE-2022-22344 was published Mar 15, 2022

An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable...
Moderate, Unreviewed, CVE-2021-45889 was published Mar 14, 2022

The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before...
Moderate, Unreviewed, CVE-2021-24940 was published Mar 15, 2022

Cross-site Scripting in FreeTAKServer-UI
Moderate, CVE-2022-25507 was published for FreeTAKServer-UI (pip), Mar 12, 2022

The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the...
Moderate, Unreviewed, CVE-2021-24996 was published Mar 15, 2022

The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting...
Moderate, Unreviewed, CVE-2021-25006 was published Mar 15, 2022
ProTip! Advisories are also available from the GraphQL API