GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,474
Erlang: 33
GitHub Actions: 24
Go: 2,198
Maven: 5,000+
npm: 3,843
NuGet: 696
pip: 3,632
Pub: 12
RubyGems: 911
Rust: 912
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
239 advisories
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group...
CVE-2025-30345 (Low, Unreviewed) was published Mar 21, 2025

Improper encoding or escaping of output vulnerability in the webapi component in Synology...
CVE-2024-50629 (Moderate, Unreviewed) was published Mar 19, 2025

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology...
CVE-2024-10441 (Critical, Unreviewed) was published Mar 19, 2025

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can...
CVE-2024-39929 (Moderate, Unreviewed) was published Jul 4, 2024

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection...
CVE-2022-48339 (Critical, Unreviewed) was published Feb 21, 2023

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper...
CVE-2023-35894 (Moderate, Unreviewed) was published Mar 7, 2025

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files...
CVE-2024-49355 (Moderate, Unreviewed) was published Feb 20, 2025

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address,...
CVE-2024-56473 (Moderate, Unreviewed) was published Feb 6, 2025

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user...
CVE-2024-52891 (Moderate, Unreviewed) was published Jan 7, 2025

During an address list folding when a separating comma ends up on a folded line and that line is...
CVE-2025-1795 (Low, Unreviewed) was published Feb 28, 2025

Jupyter Server Proxy has a reflected XSS issue in host parameter
CVE-2024-35225 (Critical) was published for jupyter-server-proxy (pip) Jun 11, 2024

Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0...
CVE-2024-12368 (High, Unreviewed) was published Feb 25, 2025

DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
CVE-2025-27108 (High) was published for dom-expressions (npm) Feb 25, 2025

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
CVE-2025-27109 (High) was published for solid-js (npm) Feb 25, 2025

ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control...
CVE-2022-46387 (Critical, Unreviewed) was published Mar 28, 2023

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to...
CVE-2022-30351 (High, Unreviewed) was published Mar 30, 2023

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15...
CVE-2022-24682 (Moderate, Unreviewed) was published Feb 10, 2022

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing...
CVE-2022-42948 (Critical, Unreviewed) was published Mar 24, 2023

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM...
CVE-2024-22356 (Moderate, Unreviewed) was published Mar 26, 2024

MathLive's Lack of Escaping of HTML allows for XSS
GHSA-qwj6-q94f-8425 (Moderate) was published for mathlive (npm) Jan 21, 2025

KaTeX \htmlData does not validate attribute names
CVE-2025-23207 (Moderate) was published for katex (npm) Jan 17, 2025

Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue...
CVE-2024-56277 (Moderate, Unreviewed) was published Jan 21, 2025

Ansible-core information disclosure flaw
CVE-2024-0690 (Moderate) was published for ansible-core (pip) Feb 6, 2024

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper...
CVE-2022-22399 (Moderate, Unreviewed) was published Mar 5, 2024

ProTip! Advisories are also available from the GraphQL API.