Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

26 advisories

Loading
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. Critical Unreviewed
CVE-2024-33868 was published May 14, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability Moderate
CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... High Unreviewed
CVE-2024-22319 was published Feb 2, 2024
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.... Moderate Unreviewed
CVE-2023-31025 was published Jan 12, 2024
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter... High Unreviewed
CVE-2023-29050 was published Jan 8, 2024
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2... Moderate Unreviewed
CVE-2023-6905 was published Dec 18, 2023
Keycloak vulnerable to LDAP Injection on UsernameForm Login Low
CVE-2022-2232 was published for org.keycloak:keycloak-ldap-federation (Maven) Nov 29, 2023
kongold
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP... High Unreviewed
CVE-2023-3447 was published Jun 29, 2023
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters High Unreviewed
CVE-2022-4254 was published Feb 1, 2023
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP.... Critical Unreviewed
CVE-2015-10027 was published Jan 7, 2023
Improper neutralization of special elements used in an LDAP query ('LDAP Injection')... Moderate Unreviewed
CVE-2022-45910 was published Dec 7, 2022
camel-ldap component allows LDAP Injection when using the filter option Critical
CVE-2022-45046 was published for org.apache.camel:camel-ldap (Maven) Dec 5, 2022
OneDev is a development operations platform. If the LDAP external authentication mechanism is... Moderate Unreviewed
CVE-2021-32651 was published May 24, 2022
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0,... High Unreviewed
CVE-2019-11277 was published May 24, 2022
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated... Moderate Unreviewed
CVE-2019-4297 was published May 24, 2022
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC... High Unreviewed
CVE-2016-9870 was published May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier... Critical Unreviewed
CVE-2017-8790 was published May 17, 2022
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a... Critical Unreviewed
CVE-2017-14596 was published May 17, 2022
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle... High Unreviewed
CVE-2017-4927 was published May 17, 2022
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP... Critical Unreviewed
CVE-2011-4069 was published May 14, 2022
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins Critical
CVE-2016-9299 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP... Moderate Unreviewed
CVE-2018-5730 was published May 13, 2022
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
LDAP Injection in is-user-valid High
CVE-2021-23335 was published for is-user-valid (npm) Apr 13, 2021
LDAP Injection in ldapauth High
CVE-2015-7294 was published for ldapauth (npm) Aug 31, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database