GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
226 advisories
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote...
Critical | Unreviewed | CVE-2021-41392 was published May 24, 2022

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
Critical | Unreviewed | CVE-2021-38458 was published May 24, 2022

ejs template injection vulnerability
Critical | CVE-2022-29078 was published for ejs (npm) Apr 26, 2022

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
Critical | Unreviewed | CVE-2021-43185 was published May 24, 2022

Shescape vulnerable to insufficient escaping of whitespace
Critical | CVE-2022-31180 was published for shescape (npm) Jul 15, 2022

Valine code injection vulnerability
Critical | CVE-2022-38545 was published for valine (npm) Sep 20, 2022

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper...
Critical | Unreviewed | CVE-2021-38395 was published Oct 28, 2022

Remote Code Execution in Spring Framework
Critical | CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022

Command injection leading to Remote Code Execution in Apache Storm
Critical | CVE-2021-38294 was published for org.apache.storm:storm (Maven) Oct 27, 2021

Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can...
Critical | Unreviewed | CVE-2022-34773 was published Aug 23, 2022

Code injection in Apache Commons Configuration
Critical | CVE-2022-33980 was published for org.apache.commons:commons-configuration2 (Maven) Jul 7, 2022

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A...
Critical | Unreviewed | CVE-2022-31657 was published Aug 6, 2022

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/...
Critical | Unreviewed | CVE-2018-16763 was published May 13, 2022

Potential Code Injection in Sprout Forms
Critical | CVE-2020-11056 was published for barrelstrength/sprout-base-email (Composer) May 8, 2020

Remote Code Execution in Apache Synapse
Critical | CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020

Command injection in samba-client
Critical | CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021

Template injection in cron-utils
Critical | CVE-2020-26238 was published for com.cronutils:cron-utils (Maven) Nov 24, 2020

Command Injection in macfromip
Critical | CVE-2020-7786 was published for macfromip (npm) Apr 12, 2021

Command injection in spritesheet-js
Critical | CVE-2020-7782 was published for spritesheet-js (npm) Apr 13, 2021

Injection and Improper Input Validation in Apache Unomi
Critical | CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) Feb 10, 2022

Code injection in topthink/think
Critical | CVE-2020-17952 was published for topthink/think (Composer) Aug 9, 2021

Command Injection in compass-compile
Critical | CVE-2020-7635 was published for compass-compile (npm) Dec 9, 2021

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could...
Critical | Unreviewed | CVE-2021-45092 was published Dec 17, 2021

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could...
Critical | Unreviewed | CVE-2017-14094 was published May 13, 2022

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in...
Critical | Unreviewed | CVE-2020-27602 was published Sep 30, 2022

Advisories are also available from the GraphQL API.