Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
Shescape vulnerable to insufficient escaping of whitespace Critical
CVE-2022-31180 was published for shescape (npm) Jul 15, 2022
kurt-r2c
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is... Critical Unreviewed
CVE-2022-34914 was published Jul 9, 2022
Code injection in Apache Commons Configuration Critical
CVE-2022-33980 was published for org.apache.commons:commons-configuration2 (Maven) Jul 7, 2022
There is an object injection vulnerability in swfupload plugin for wordpress. Critical Unreviewed
CVE-2013-4144 was published Jul 1, 2022
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be... Critical Unreviewed
CVE-2022-32534 was published Jun 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local... Critical Unreviewed
CVE-2022-32269 was published Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Server-Side Template Injection in formio Critical
CVE-2020-28246 was published for formio (npm) Jun 3, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
Ansible Code Injection Vulnerability Critical
CVE-2014-4678 was published for ansible (pip) May 24, 2022
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. Critical Unreviewed
CVE-2021-43185 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... Critical Unreviewed
CVE-2021-38458 was published May 24, 2022
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote... Critical Unreviewed
CVE-2021-41392 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36022 was published May 24, 2022
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed
CVE-2021-20509 was published May 24, 2022
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that... Critical Unreviewed
CVE-2021-22910 was published May 24, 2022
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an... Critical Unreviewed
CVE-2021-3169 was published May 24, 2022
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to... Critical Unreviewed
CVE-2021-20736 was published May 24, 2022
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host... Critical Unreviewed
CVE-2018-25016 was published May 24, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness... Critical Unreviewed
CVE-2021-0268 was published May 24, 2022
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request... Critical Unreviewed
CVE-2021-27730 was published May 24, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in... Critical Unreviewed
CVE-2021-27132 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database