Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

317 advisories

Loading
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A... High Unreviewed
CVE-2021-36313 was published Nov 24, 2021
There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this... High Unreviewed
CVE-2021-37033 was published Nov 24, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account... High Unreviewed
CVE-2021-43038 was published Dec 7, 2021
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. High Unreviewed
CVE-2021-37262 was published Dec 17, 2021
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host... High Unreviewed
CVE-2021-43437 was published Dec 21, 2021
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet... High Unreviewed
CVE-2021-4186 was published Dec 31, 2021
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service... High Unreviewed
CVE-2021-4182 was published Dec 31, 2021
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of... High Unreviewed
CVE-2021-4181 was published Dec 31, 2021
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery... High Unreviewed
CVE-2021-24948 was published Jan 11, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop... High Unreviewed
CVE-2021-44537 was published Jan 16, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy... High Unreviewed
CVE-2021-43269 was published Jan 21, 2022
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote... High Unreviewed
CVE-2021-39031 was published Jan 26, 2022
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote... High Unreviewed
CVE-2021-36348 was published Jan 27, 2022
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. High Unreviewed
CVE-2021-27971 was published Feb 1, 2022
A flaw was found in Python, specifically within the urllib.parse module. This module helps break... High Unreviewed
CVE-2022-0391 was published Feb 11, 2022
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical... High Unreviewed
CVE-2020-12965 was published Feb 11, 2022
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial... High Unreviewed
CVE-2022-0581 was published Feb 15, 2022
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for... High Unreviewed
CVE-2022-25366 was published Feb 20, 2022
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction... High Unreviewed
CVE-2021-43097 was published Mar 30, 2022
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account... High Unreviewed
CVE-2021-39114 was published Apr 6, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco... High Unreviewed
CVE-2022-20719 was published Apr 16, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco... High Unreviewed
CVE-2022-20718 was published Apr 16, 2022
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated,... High Unreviewed
CVE-2022-20693 was published Apr 16, 2022
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders... High Unreviewed
CVE-2022-28345 was published Apr 16, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject... High Unreviewed
CVE-2022-27924 was published Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database