Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

266 advisories

Loading
The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in... Moderate Unreviewed
CVE-2022-2241 was published Aug 2, 2022
Path traversal in xwiki-platform-skin-skinx Moderate
CVE-2022-23620 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Feb 9, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui Critical
CVE-2022-41934 was published for org.xwiki.platform:xwiki-platform-menu-ui (Maven) Nov 21, 2022
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed
CVE-2022-22734 was published Mar 15, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue... Critical Unreviewed
CVE-2022-4011 was published Nov 16, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection Critical
CVE-2022-36100 was published for org.xwiki.platform.applications:xwiki-application-tag (Maven) Sep 16, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability Critical
CVE-2022-36099 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Sep 16, 2022
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2022-0210 was published Jan 19, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,... Moderate Unreviewed
CVE-2022-0220 was published Feb 2, 2022
Command injection in Apache Maven maven-shared-utils Critical
CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022
Cross-site Scripting in Jenkins Random String Parameter Plugin Moderate
CVE-2022-30966 was published for org.jenkins-ci.plugins:random-string-parameter (Maven) May 18, 2022
The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and... Moderate Unreviewed
CVE-2022-0450 was published Mar 29, 2022
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation... Moderate Unreviewed
CVE-2022-0421 was published Nov 21, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection Moderate
CVE-2022-2099 was published for woocommerce/woocommerce (Composer) Jul 18, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ... Critical Unreviewed
CVE-2022-34820 was published Jul 13, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My... Critical Unreviewed
CVE-2022-22992 was published Jan 29, 2022
Heron allows CRLF log injection Critical
CVE-2021-42010 was published for org.apache.heron:heron-api (Maven) Oct 24, 2022
Nicotine+ DoS on Null Character in Download Request High
CVE-2021-45848 was published for nicotine-plus (pip) Mar 16, 2022
dojox vulnerable to unescaped string injection Critical
CVE-2018-15494 was published for dojox (npm) Oct 15, 2018
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug... Moderate Unreviewed
CVE-2021-31806 was published May 24, 2022
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user... Moderate Unreviewed
CVE-2021-45226 was published Jan 25, 2022
OpenZeppelin Contracts vulnerable to Improper Escaping of Output Moderate
CVE-2023-40014 was published for @openzeppelin/contracts (npm) Aug 11, 2023
Teampass Cross-site Scripting vulnerability Moderate
CVE-2023-3190 was published for nilsteampassnet/teampass (Composer) Jun 10, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database