GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an...
High | Unreviewed | CVE-2021-29156 was published May 24, 2022

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash...
High | Unreviewed | CVE-2020-27212 was published May 24, 2022

An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in...
High | Unreviewed | CVE-2021-27182 was published May 24, 2022

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not...
High | Unreviewed | CVE-2021-22331 was published May 24, 2022

An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15...
High | Unreviewed | CVE-2021-26068 was published May 24, 2022

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3...
High | Unreviewed | CVE-2020-26142 was published May 24, 2022

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install...
High | Unreviewed | CVE-2021-27614 was published May 24, 2022

Response Splitting from unsanitized headers
High | CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code...
High | Unreviewed | CVE-2021-22191 was published May 24, 2022

Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212...
High | Unreviewed | CVE-2021-30506 was published May 24, 2022

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to...
High | Unreviewed | CVE-2021-29702 was published May 24, 2022

Improper neutralization of special elements in output used by a downstream component ('Injection'...
High | Unreviewed | CVE-2021-29084 was published May 24, 2022

Improper neutralization of special elements in output used by a downstream component ('Injection'...
High | Unreviewed | CVE-2021-29085 was published May 24, 2022

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery...
High | Unreviewed | CVE-2021-24948 was published Jan 11, 2022

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a...
High | Unreviewed | CVE-2021-0567 was published May 24, 2022

IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to...
High | Unreviewed | CVE-2021-20574 was published May 24, 2022

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance...
High | Unreviewed | CVE-2021-1359 was published May 24, 2022

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before...
High | Unreviewed | CVE-2021-32558 was published May 24, 2022

A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with...
High | Unreviewed | CVE-2021-35450 was published May 24, 2022

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the...
High | Unreviewed | CVE-2021-38084 was published May 24, 2022

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config...
High | Unreviewed | CVE-2021-38290 was published May 24, 2022

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and...
High | Unreviewed | CVE-2022-35735 was published Aug 5, 2022

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP...
High | Unreviewed | CVE-2021-38371 was published May 24, 2022

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of...
High | Unreviewed | CVE-2021-4181 was published Dec 31, 2021

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial...
High | Unreviewed | CVE-2022-0581 was published Feb 15, 2022