GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
318 advisories
Filter by severity
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A...
High
Unreviewed
CVE-2021-36313
was published
Nov 24, 2021
There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this...
High
Unreviewed
CVE-2021-37033
was published
Nov 24, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account...
High
Unreviewed
CVE-2021-43038
was published
Dec 7, 2021
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
High
Unreviewed
CVE-2021-37262
was published
Dec 17, 2021
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host...
High
Unreviewed
CVE-2021-43437
was published
Dec 21, 2021
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet...
High
Unreviewed
CVE-2021-4186
was published
Dec 31, 2021
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service...
High
Unreviewed
CVE-2021-4182
was published
Dec 31, 2021
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of...
High
Unreviewed
CVE-2021-4181
was published
Dec 31, 2021
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery...
High
Unreviewed
CVE-2021-24948
was published
Jan 11, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop...
High
Unreviewed
CVE-2021-44537
was published
Jan 16, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy...
High
Unreviewed
CVE-2021-43269
was published
Jan 21, 2022
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote...
High
Unreviewed
CVE-2021-39031
was published
Jan 26, 2022
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote...
High
Unreviewed
CVE-2021-36348
was published
Jan 27, 2022
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
High
Unreviewed
CVE-2021-27971
was published
Feb 1, 2022
A flaw was found in Python, specifically within the urllib.parse module. This module helps break...
High
Unreviewed
CVE-2022-0391
was published
Feb 11, 2022
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical...
High
Unreviewed
CVE-2020-12965
was published
Feb 11, 2022
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial...
High
Unreviewed
CVE-2022-0581
was published
Feb 15, 2022
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for...
High
Unreviewed
CVE-2022-25366
was published
Feb 20, 2022
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction...
High
Unreviewed
CVE-2021-43097
was published
Mar 30, 2022
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account...
High
Unreviewed
CVE-2021-39114
was published
Apr 6, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High
Unreviewed
CVE-2022-20719
was published
Apr 16, 2022
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated,...
High
Unreviewed
CVE-2022-20693
was published
Apr 16, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High
Unreviewed
CVE-2022-20718
was published
Apr 16, 2022
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders...
High
Unreviewed
CVE-2022-28345
was published
Apr 16, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject...
High
Unreviewed
CVE-2022-27924
was published
Apr 22, 2022
ProTip!
Advisories are also available from the
GraphQL API