GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet...
High | Unreviewed | CVE-2021-4186 was published Dec 31, 2021

An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur...
High | Unreviewed | CVE-2021-30777 was published May 24, 2022

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile...
High | Unreviewed | CVE-2021-41390 was published May 24, 2022

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path...
High | Unreviewed | CVE-2021-35504 was published May 24, 2022

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path...
High | Unreviewed | CVE-2021-35505 was published May 24, 2022

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could...
High | Unreviewed | CVE-2021-37933 was published May 24, 2022

October/System authenticated file write leads to remote code execution
High | CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022

Parse Server crashes with query parameter
High | CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021

october/system arbitrary code execution
High | CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web...
High | Unreviewed | CVE-2004-1157 was published Apr 29, 2022

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could...
High | Unreviewed | CVE-2021-38873 was published May 24, 2022

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (...
High | Unreviewed | CVE-2020-7489 was published May 24, 2022

A code execution vulnerability exists in the normal world’s signed code execution functionality...
High | Unreviewed | CVE-2020-35608 was published May 24, 2022

A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient...
High | Unreviewed | CVE-2014-5086 was published May 24, 2022

In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0...
High | Unreviewed | CVE-2021-25980 was published May 24, 2022

Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via...
High | Unreviewed | CVE-2005-3750 was published May 1, 2022

A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some...
High | Unreviewed | CVE-2022-4300 was published Dec 6, 2022

A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is...
High | Unreviewed | CVE-2022-4282 was published Dec 5, 2022

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and...
High | Unreviewed | CVE-2022-35507 was published Dec 4, 2022

pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High | CVE-2022-21724 was published for org.postgresql:postgresql (Maven) Feb 2, 2022

Account Takeover Through Password Reset Poisoning
High | CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022

Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows...
High | Unreviewed | CVE-2009-1781 was published May 2, 2022

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an...
High | Unreviewed | CVE-2022-37108 was published Sep 8, 2022

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all...
High | Unreviewed | CVE-2022-3060 was published Oct 17, 2022

A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600...
High | Unreviewed | CVE-2022-36323 was published Aug 11, 2022