GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
832 advisories
Filter by severity
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection...
Moderate
Unreviewed
CVE-2021-36322
was published
Nov 21, 2021
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A...
High
Unreviewed
CVE-2021-36313
was published
Nov 24, 2021
There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this...
High
Unreviewed
CVE-2021-37033
was published
Nov 24, 2021
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate
Unreviewed
CVE-2021-42117
was published
Dec 1, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account...
High
Unreviewed
CVE-2021-43038
was published
Dec 7, 2021
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37040
was published
Dec 9, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14...
Moderate
Unreviewed
CVE-2021-39910
was published
Dec 14, 2021
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -...
Critical
Unreviewed
CVE-2021-44042
was published
Dec 15, 2021
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
High
Unreviewed
CVE-2021-37262
was published
Dec 17, 2021
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could...
Critical
Unreviewed
CVE-2021-45092
was published
Dec 17, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious...
Moderate
Unreviewed
CVE-2021-43441
was published
Dec 21, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical
Unreviewed
CVE-2021-43439
was published
Dec 21, 2021
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host...
High
Unreviewed
CVE-2021-43437
was published
Dec 21, 2021
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical
Unreviewed
CVE-2020-20601
was published
Dec 24, 2021
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58...
Critical
Unreviewed
CVE-2021-45658
was published
Dec 27, 2021
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet...
High
Unreviewed
CVE-2021-4186
was published
Dec 31, 2021
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
Moderate
Unreviewed
CVE-2021-4183
was published
Dec 31, 2021
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of...
High
Unreviewed
CVE-2021-4181
was published
Dec 31, 2021
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service...
High
Unreviewed
CVE-2021-4182
was published
Dec 31, 2021
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to...
Moderate
Unreviewed
CVE-2021-45818
was published
Dec 31, 2021
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery...
High
Unreviewed
CVE-2021-24948
was published
Jan 11, 2022
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53...
Critical
Unreviewed
CVE-2021-44530
was published
Jan 15, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop...
High
Unreviewed
CVE-2021-44537
was published
Jan 16, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy...
High
Unreviewed
CVE-2021-43269
was published
Jan 21, 2022
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote...
High
Unreviewed
CVE-2021-39031
was published
Jan 26, 2022
ProTip!
Advisories are also available from the
GraphQL API