GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,416

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

783 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14... Critical Unreviewed

CVE-2015-10062 was published Jan 17, 2023

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop... High Unreviewed

CVE-2021-44537 was published Jan 16, 2022

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Moderate Unreviewed

CVE-2021-43961 was published Mar 19, 2022

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -... Critical Unreviewed

CVE-2021-44042 was published Dec 15, 2021

RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely Critical Unreviewed

CVE-2021-43439 was published Dec 21, 2021

An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious... Moderate Unreviewed

CVE-2021-43441 was published Dec 21, 2021

There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed

CVE-2021-37040 was published Dec 9, 2021

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14... Moderate Unreviewed

CVE-2021-39910 was published Dec 14, 2021

NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This... Critical Unreviewed

CVE-2022-25420 was published Mar 30, 2022

A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction... High Unreviewed

CVE-2021-43097 was published Mar 30, 2022

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured... Moderate Unreviewed

CVE-2021-27493 was published Apr 3, 2022

A vulnerability classified as critical was found in School Club Application System 1.0. This... Critical Unreviewed

CVE-2022-1287 was published Apr 10, 2022

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted... Critical Unreviewed

CVE-2020-20601 was published Dec 24, 2021

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the... Moderate Unreviewed

CVE-2021-22055 was published Apr 12, 2022

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders... High Unreviewed

CVE-2022-28345 was published Apr 16, 2022

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy... High Unreviewed

CVE-2021-43269 was published Jan 21, 2022

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject... High Unreviewed

CVE-2022-27924 was published Apr 22, 2022

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. High Unreviewed

CVE-2020-8644 was published May 24, 2022

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s... Moderate Unreviewed

CVE-2021-42117 was published Dec 1, 2021

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... High Unreviewed

CVE-2020-17496 was published May 24, 2022

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious... Moderate Unreviewed

CVE-2021-29416 was published May 24, 2022

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME... High Unreviewed

CVE-2020-5323 was published May 24, 2022

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed

CVE-2021-26084 was published May 24, 2022

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to... High Unreviewed

CVE-2020-23148 was published May 24, 2022

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local... Critical Unreviewed

CVE-2022-32269 was published Jun 4, 2022

Previous 1 2 3 4 5 … 31 32 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

783 advisories