Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,723
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
2,999
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Apache Zeppelin: LDAP search filter query Injection Vulnerability Moderate
CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... High Unreviewed
CVE-2024-22319 was published Feb 2, 2024
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.... Moderate Unreviewed
CVE-2023-31025 was published Jan 12, 2024
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter... High Unreviewed
CVE-2023-29050 was published Jan 8, 2024
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2... Moderate Unreviewed
CVE-2023-6905 was published Dec 18, 2023
Keycloak vulnerable to LDAP Injection on UsernameForm Login Low
CVE-2022-2232 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 29, 2023
kongold
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP... High Unreviewed
CVE-2023-3447 was published Jun 29, 2023
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters High Unreviewed
CVE-2022-4254 was published Feb 1, 2023
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP.... Critical Unreviewed
CVE-2015-10027 was published Jan 7, 2023
Improper neutralization of special elements used in an LDAP query ('LDAP Injection')... Moderate Unreviewed
CVE-2022-45910 was published Dec 7, 2022
camel-ldap component allows LDAP Injection when using the filter option Critical
CVE-2022-45046 was published for org.apache.camel:camel-ldap (Maven) Dec 5, 2022
OneDev is a development operations platform. If the LDAP external authentication mechanism is... Moderate Unreviewed
CVE-2021-32651 was published May 24, 2022
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0,... High Unreviewed
CVE-2019-11277 was published May 24, 2022
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated... Moderate Unreviewed
CVE-2019-4297 was published May 24, 2022
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC... High Unreviewed
CVE-2016-9870 was published May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier... Critical Unreviewed
CVE-2017-8790 was published May 17, 2022
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a... Critical Unreviewed
CVE-2017-14596 was published May 17, 2022
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle... High Unreviewed
CVE-2017-4927 was published May 17, 2022
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP... Critical Unreviewed
CVE-2011-4069 was published May 14, 2022
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins Critical
CVE-2016-9299 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP... Moderate Unreviewed
CVE-2018-5730 was published May 13, 2022
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
LDAP Injection in is-user-valid High
CVE-2021-23335 was published for is-user-valid (npm) Apr 13, 2021
LDAP Injection in ldapauth High
CVE-2015-7294 was published for ldapauth (npm) Aug 31, 2020
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf Moderate
CVE-2016-8750 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
ProTip! Advisories are also available from the GraphQL API