GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,468
Erlang
33
GitHub Actions
23
Go
2,172
Maven
5,000+
npm
3,833
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
908
Swift
38
Unreviewed advisories
All unreviewed
5,000+
70 advisories
Filter by severity
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions...
High
Unreviewed
CVE-2023-32708
was published
Jul 6, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of...
High
Unreviewed
CVE-2022-48471
was published
Jun 16, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of...
High
Unreviewed
CVE-2022-48473
was published
Jun 16, 2023
Improper Input Validation in nyholm/psr7
Moderate
GHSA-wjfc-pgfp-pv9c
was published
for
nyholm/psr7
(Composer)
Apr 21, 2023
Improper header validation in httpsoft/http-message
Moderate
GHSA-9jxr-mwpp-w643
was published
for
httpsoft/http-message
(Composer)
Apr 21, 2023
Improper header name validation in guzzlehttp/psr7
Moderate
CVE-2023-29197
was published
for
guzzlehttp/psr7
(Composer)
Apr 19, 2023
Insecure header validation in slim/psr7
Moderate
CVE-2023-30536
was published
for
slim/psr7
(Composer)
Apr 18, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the...
Moderate
Unreviewed
CVE-2023-22998
was published
Feb 28, 2023
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful...
High
Unreviewed
CVE-2022-48230
was published
Feb 27, 2023
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful...
High
Unreviewed
CVE-2022-48261
was published
Feb 27, 2023
A improper neutralization of crlf sequences in http headers ('http response splitting') in...
Moderate
Unreviewed
CVE-2022-42472
was published
Feb 16, 2023
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Critical
CVE-2023-24813
was published
for
dompdf/dompdf
(Composer)
Feb 7, 2023
Header injection in TurboGears
Critical
CVE-2019-25101
was published
for
TurboGears
(pip)
Feb 4, 2023
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...
Moderate
Unreviewed
CVE-2022-37436
was published
Jan 17, 2023
Apache Shiro Interpretation Conflict vulnerability
High
CVE-2023-22602
was published
for
org.apache.shiro:shiro-root
(Maven)
Jan 14, 2023
Netty vulnerable to HTTP Response splitting from assigning header value iterator
Moderate
CVE-2022-41915
was published
for
io.netty:netty-codec-http
(Maven)
Dec 12, 2022
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE,...
Moderate
Unreviewed
CVE-2022-38115
was published
Nov 23, 2022
A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW...
High
Unreviewed
CVE-2022-20915
was published
Oct 11, 2022
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558...
Moderate
Unreviewed
CVE-2021-41437
was published
Sep 27, 2022
Broken Authorization in ZITADEL Actions
High
CVE-2022-36051
was published
for
github.com/zitadel/zitadel
(Go)
Aug 30, 2022
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS...
Moderate
Unreviewed
CVE-2022-34009
was published
Jul 29, 2022
Failed payment recorded has completed in Silverstripe Omnipay
Low
CVE-2022-29254
was published
for
silverstripe/silverstripe-omnipay
(Composer)
Jun 6, 2022
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an...
High
Unreviewed
CVE-2021-34699
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API