GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,424 advisories
Filter by severity
Command injection in czproject/git-php
High
CVE-2022-25866
was published
for
czproject/git-php
(Composer)
Apr 26, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Injection in Jolokia agent
High
CVE-2018-1000130
was published
for
org.jolokia:jolokia-core
(Maven)
May 14, 2022
Injection in Jenkins
Moderate
CVE-2018-1000193
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject...
High
Unreviewed
CVE-2022-27924
was published
Apr 22, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy...
High
Unreviewed
CVE-2021-43269
was published
Jan 21, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc
High
CVE-2022-29166
was published
for
matrix-appservice-irc
(npm)
May 23, 2022
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders...
High
Unreviewed
CVE-2022-28345
was published
Apr 16, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the...
Moderate
Unreviewed
CVE-2021-22055
was published
Apr 12, 2022
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical
Unreviewed
CVE-2020-20601
was published
Dec 24, 2021
A vulnerability classified as critical was found in School Club Application System 1.0. This...
Critical
Unreviewed
CVE-2022-1287
was published
Apr 10, 2022
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured...
Moderate
Unreviewed
CVE-2021-27493
was published
Apr 3, 2022
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction...
High
Unreviewed
CVE-2021-43097
was published
Mar 30, 2022
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This...
Critical
Unreviewed
CVE-2022-25420
was published
Mar 30, 2022
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37040
was published
Dec 9, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious...
Moderate
Unreviewed
CVE-2021-43441
was published
Dec 21, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14...
Moderate
Unreviewed
CVE-2021-39910
was published
Dec 14, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical
Unreviewed
CVE-2021-43439
was published
Dec 21, 2021
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -...
Critical
Unreviewed
CVE-2021-44042
was published
Dec 15, 2021
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Moderate
Unreviewed
CVE-2021-43961
was published
Mar 19, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop...
High
Unreviewed
CVE-2021-44537
was published
Jan 16, 2022
Injection in MockServer
Moderate
CVE-2021-32827
was published
for
org.mock-server:mockserver
(Maven)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API