GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,318
Erlang: 31
GitHub Actions: 21
Go: 2,074
Maven: 5,000+
npm: 3,746
NuGet: 674
pip: 3,434
Pub: 12
RubyGems: 892
Rust: 880
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
226 advisories
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote...
Critical | Unreviewed | CVE-2021-41392 was published May 24, 2022
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that...
Critical | Unreviewed | CVE-2021-22910 was published May 24, 2022
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11...
Critical | Unreviewed | CVE-2022-0582 was published Feb 15, 2022
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote...
Critical | Unreviewed | CVE-2021-20509 was published May 24, 2022
Code injection in quarkus dev ui config editor
Critical | CVE-2022-4116 was published for io.quarkus:quarkus-vertx-http-deployment (Maven) Nov 22, 2022
Injection in Apache NiFi
Critical | CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical | Unreviewed | CVE-2022-27336 was published Apr 28, 2022
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host...
Critical | Unreviewed | CVE-2018-25016 was published May 24, 2022
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in...
Critical | Unreviewed | CVE-2021-27132 was published May 24, 2022
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to...
Critical | Unreviewed | CVE-2021-20736 was published May 24, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical | CVE-2020-36618 was published for whois (npm) Dec 19, 2022
CITSmart before 9.1.2.23 allows LDAP Injection.
Critical | Unreviewed | CVE-2020-35775 was published May 24, 2022
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request...
Critical | Unreviewed | CVE-2021-27730 was published May 24, 2022
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows...
Critical | Unreviewed | CVE-2022-34294 was published Aug 16, 2022
IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CSV Injection. A remote...
Critical | Unreviewed | CVE-2020-4627 was published May 24, 2022
A templateselect expression language injection remote code execution vulnerability was discovered...
Critical | Unreviewed | CVE-2020-7172 was published May 24, 2022
A guidatadetail expression language injection remote code execution vulnerability was discovered...
Critical | Unreviewed | CVE-2020-7171 was published May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in...
Critical | Unreviewed | CVE-2019-19874 was published May 24, 2022
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can...
Critical | Unreviewed | CVE-2020-25094 was published May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader...
Critical | Unreviewed | CVE-2019-19872 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical | Unreviewed | CVE-2021-36022 was published May 24, 2022
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the...
Critical | Unreviewed | CVE-2022-4768 was published Dec 28, 2022
There was a server-side template injection vulnerability in Jira Server and Data Center, in the...
Critical | Unreviewed | CVE-2019-11581 was published May 24, 2022
Apache Karaf vulnerable to potential code injection
Critical | CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2019-2725 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.