GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,245
Erlang: 31
GitHub Actions: 21
Go: 2,010
Maven: 5,000+
npm: 3,718
NuGet: 662
pip: 3,391
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

1,188 advisories
Authenticated remote code execution in October CMS
High | CVE-2022-21705 was published for october/system (Composer) | Feb 23, 2022

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for...
High | Unreviewed | CVE-2022-25366 was published | Feb 20, 2022

Code injection in ezsystems/ezpublish-kernel
Critical | CVE-2022-25337 was published for ezsystems/ezpublish-kernel (Composer) | Feb 19, 2022

Server Side Template Injection in MCMS
Critical | CVE-2021-46063 was published for net.mingsoft:ms-mcms (Maven) | Feb 19, 2022

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item...
Critical | Unreviewed | CVE-2022-24300 was published | Feb 15, 2022

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11...
Critical | Unreviewed | CVE-2022-0582 was published | Feb 15, 2022

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial...
High | Unreviewed | CVE-2022-0581 was published | Feb 15, 2022

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical...
High | Unreviewed | CVE-2020-12965 was published | Feb 11, 2022

A flaw was found in Python, specifically within the urllib.parse module. This module helps break...
High | Unreviewed | CVE-2022-0391 was published | Feb 11, 2022

Improper file handling in matrix-react-sdk
Moderate | CVE-2021-32622 was published for matrix-react-sdk (npm) | Feb 10, 2022

Injection in Apache Archiva
Moderate | CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) | Feb 10, 2022

Injection in DeltaSpike
Moderate | CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) | Feb 10, 2022

Injection and Improper Input Validation in Apache Unomi
Critical | CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) | Feb 10, 2022

Prototype Pollution in undefsafe
Moderate | CVE-2019-10795 was published for undefsafe (npm) | Feb 9, 2022

Prototype Pollution in dot-object
Moderate | CVE-2019-10793 was published for dot-object (npm) | Feb 9, 2022

Credentials bypass in Apache Druid
Moderate | CVE-2020-1958 was published for org.apache.druid:druid (Maven) | Feb 9, 2022

Remote code execution in xwiki-platform
High | CVE-2022-23616 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) | Feb 9, 2022

Improper neutralization of special elements in output used by a downstream component ('Injection'...
Moderate | Unreviewed | CVE-2021-43929 was published | Feb 8, 2022

pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High | CVE-2022-21724 was published for org.postgresql:postgresql (Maven) | Feb 2, 2022

Command injection in gh-ost
Moderate | CVE-2022-21687 was published for github.com/github/gh-ost (Go) | Feb 1, 2022

Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
High | Unreviewed | CVE-2021-27971 was published | Feb 1, 2022

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote...
High | Unreviewed | CVE-2021-36348 was published | Jan 27, 2022

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote...
High | Unreviewed | CVE-2021-39031 was published | Jan 26, 2022

ProTip! Advisories are also available from the GraphQL API