Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,187 advisories

Loading
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14... Moderate Unreviewed
CVE-2021-39910 was published Dec 14, 2021
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
Header injection in nodemailer Moderate
CVE-2021-23400 was published for nodemailer (npm) Dec 10, 2021
Command Injection in compass-compile Critical
CVE-2020-7635 was published for compass-compile (npm) Dec 9, 2021
RDIL
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37040 was published Dec 9, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account... High Unreviewed
CVE-2021-43038 was published Dec 7, 2021
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s... Moderate Unreviewed
CVE-2021-42117 was published Dec 1, 2021
There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this... High Unreviewed
CVE-2021-37033 was published Nov 24, 2021
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A... High Unreviewed
CVE-2021-36313 was published Nov 24, 2021
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection... Moderate Unreviewed
CVE-2021-36322 was published Nov 21, 2021
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
Command injection leading to Remote Code Execution in Apache Storm Critical
CVE-2021-38294 was published for org.apache.storm:storm (Maven) Oct 27, 2021
Risk of code injection High
CVE-2021-21278 was published for rsshub (npm) Oct 12, 2021
Expression injection in AviatorScript Critical
CVE-2021-41862 was published for com.googlecode.aviator:aviator (Maven) Oct 4, 2021
joelteo-poloniex
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Response Splitting from unsanitized headers High
CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021
HTTP header injection in Sonatype Nexus Repository High
CVE-2021-40143 was published for org.sonatype.nexus:nexus-repository (Maven) Sep 8, 2021
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Code injection in topthink/think Critical
CVE-2020-17952 was published for topthink/think (Composer) Aug 9, 2021
Craft CMS Remote Code Injection Critical
CVE-2021-27903 was published for craftcms/cms (Composer) Jul 2, 2021
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database