Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

472 advisories

Loading
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote... High Unreviewed
CVE-2021-36348 was published Jan 27, 2022
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote... High Unreviewed
CVE-2021-39031 was published Jan 26, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy... High Unreviewed
CVE-2021-43269 was published Jan 21, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop... High Unreviewed
CVE-2021-44537 was published Jan 16, 2022
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
Sandbox Escape by math function in smarty High
CVE-2021-29454 was published for smarty/smarty (Composer) Jan 12, 2022
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery... High Unreviewed
CVE-2021-24948 was published Jan 11, 2022
Injection in UserFrosting High
CVE-2021-25994 was published for userfrosting/userfrosting (Composer) Jan 6, 2022
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service... High Unreviewed
CVE-2021-4182 was published Dec 31, 2021
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of... High Unreviewed
CVE-2021-4181 was published Dec 31, 2021
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet... High Unreviewed
CVE-2021-4186 was published Dec 31, 2021
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host... High Unreviewed
CVE-2021-43437 was published Dec 21, 2021
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. High
CVE-2020-35213 was published for io.atomix:atomix (Maven) Dec 17, 2021
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. High Unreviewed
CVE-2021-37262 was published Dec 17, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account... High Unreviewed
CVE-2021-43038 was published Dec 7, 2021
There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this... High Unreviewed
CVE-2021-37033 was published Nov 24, 2021
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A... High Unreviewed
CVE-2021-36313 was published Nov 24, 2021
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
Risk of code injection High
CVE-2021-21278 was published for rsshub (npm) Oct 12, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Response Splitting from unsanitized headers High
CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021
HTTP header injection in Sonatype Nexus Repository High
CVE-2021-40143 was published for org.sonatype.nexus:nexus-repository (Maven) Sep 8, 2021
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database