Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

266 advisories

Loading
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing... Critical Unreviewed
CVE-2022-42948 was published Mar 24, 2023
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15... Moderate Unreviewed
CVE-2022-24682 was published Feb 10, 2022
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to... High Unreviewed
CVE-2022-30351 was published Mar 30, 2023
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control... Critical Unreviewed
CVE-2022-46387 was published Mar 28, 2023
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0... High Unreviewed
CVE-2024-12368 was published Feb 25, 2025
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
During an address list folding when a separating comma ends up on a folded line and that line is... Low Unreviewed
CVE-2025-1795 was published Feb 28, 2025
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user... Moderate Unreviewed
CVE-2024-52891 was published Jan 7, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address,... Moderate Unreviewed
CVE-2024-56473 was published Feb 6, 2025
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files... Moderate Unreviewed
CVE-2024-49355 was published Feb 20, 2025
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed
CVE-2023-35894 was published Mar 7, 2025
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection... Critical Unreviewed
CVE-2022-48339 was published Feb 21, 2023
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can... Moderate Unreviewed
CVE-2024-39929 was published Jul 4, 2024
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology... Critical Unreviewed
CVE-2024-10441 was published Mar 19, 2025
Improper encoding or escaping of output vulnerability in the webapi component in Synology... Moderate Unreviewed
CVE-2024-50629 was published Mar 19, 2025
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows... Critical Unreviewed
CVE-2024-38474 was published Jul 1, 2024
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group... Low Unreviewed
CVE-2025-30345 was published Mar 21, 2025
MathLive's Lack of Escaping of HTML allows for XSS Moderate
CVE-2025-29049 was published for mathlive (npm) Jan 21, 2025
nsysean arnog
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon ... Moderate Unreviewed
CVE-2025-30657 was published Apr 9, 2025
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core ... Moderate Unreviewed
CVE-2025-32072 was published Apr 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database