Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf Moderate
CVE-2016-8750 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
LDAP Injection in ldapauth High
CVE-2015-7294 was published for ldapauth (npm) Aug 31, 2020
LDAP Injection in is-user-valid High
CVE-2021-23335 was published for is-user-valid (npm) Apr 13, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP... Moderate Unreviewed
CVE-2018-5730 was published May 13, 2022
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins Critical
CVE-2016-9299 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP... Critical Unreviewed
CVE-2011-4069 was published May 14, 2022
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle... High Unreviewed
CVE-2017-4927 was published May 17, 2022
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a... Critical Unreviewed
CVE-2017-14596 was published May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier... Critical Unreviewed
CVE-2017-8790 was published May 17, 2022
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC... High Unreviewed
CVE-2016-9870 was published May 17, 2022
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated... Moderate Unreviewed
CVE-2019-4297 was published May 24, 2022
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0,... High Unreviewed
CVE-2019-11277 was published May 24, 2022
OneDev is a development operations platform. If the LDAP external authentication mechanism is... Moderate Unreviewed
CVE-2021-32651 was published May 24, 2022
camel-ldap component allows LDAP Injection when using the filter option Critical
CVE-2022-45046 was published for org.apache.camel:camel-ldap (Maven) Dec 5, 2022
Improper neutralization of special elements used in an LDAP query ('LDAP Injection')... Moderate Unreviewed
CVE-2022-45910 was published Dec 7, 2022
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP.... Critical Unreviewed
CVE-2015-10027 was published Jan 7, 2023
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters High Unreviewed
CVE-2022-4254 was published Feb 1, 2023
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP... High Unreviewed
CVE-2023-3447 was published Jun 29, 2023
Keycloak vulnerable to LDAP Injection on UsernameForm Login Low
CVE-2022-2232 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 29, 2023
kongold
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2... Moderate Unreviewed
CVE-2023-6905 was published Dec 18, 2023
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter... High Unreviewed
CVE-2023-29050 was published Jan 8, 2024
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.... Moderate Unreviewed
CVE-2023-31025 was published Jan 12, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... High Unreviewed
CVE-2024-22319 was published Feb 2, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability Moderate
CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
ProTip! Advisories are also available from the GraphQL API