Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the... Moderate Unreviewed
CVE-2023-22998 was published Feb 28, 2023
A improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed
CVE-2022-42472 was published Feb 16, 2023
URI validation failure on SVG parsing. Bypass of CVE-2023-23924 Critical
CVE-2023-24813 was published for dompdf/dompdf (Composer) Feb 7, 2023
Ry0taK
Header injection in TurboGears Critical
CVE-2019-25101 was published for TurboGears (pip) Feb 4, 2023
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed
CVE-2022-37436 was published Jan 17, 2023
Apache Shiro Interpretation Conflict vulnerability High
CVE-2023-22602 was published for org.apache.shiro:shiro-root (Maven) Jan 14, 2023
Netty vulnerable to HTTP Response splitting from assigning header value iterator Moderate
CVE-2022-41915 was published for io.netty:netty-codec-http (Maven) Dec 12, 2022
rafalambrozewicz anderruiz
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE,... Moderate Unreviewed
CVE-2022-38115 was published Nov 23, 2022
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW... High Unreviewed
CVE-2022-20915 was published Oct 11, 2022
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558... Moderate Unreviewed
CVE-2021-41437 was published Sep 27, 2022
Broken Authorization in ZITADEL Actions High
CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) Aug 30, 2022
mezdanak
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS... Moderate Unreviewed
CVE-2022-34009 was published Jul 29, 2022
Failed payment recorded has completed in Silverstripe Omnipay Low
CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) Jun 6, 2022
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an... High Unreviewed
CVE-2021-34699 was published May 24, 2022
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a... Critical Unreviewed
CVE-2021-40870 was published May 24, 2022
A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX... High Unreviewed
CVE-2021-1587 was published May 24, 2022
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out... High Unreviewed
CVE-2021-29988 was published May 24, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2021-28474 was published May 24, 2022
An improper interpretation conflict of certain data between certain software components within... High Unreviewed
CVE-2021-0207 was published May 24, 2022
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2020-3564 was published May 24, 2022
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE... High Unreviewed
CVE-2020-3200 was published May 24, 2022
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP... Moderate Unreviewed
CVE-2019-19089 was published May 24, 2022
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted... Moderate Unreviewed
CVE-2020-9362 was published May 24, 2022
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP... Moderate Unreviewed
CVE-2020-9363 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database