GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
220 advisories
Filter by severity
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote...
Critical
Unreviewed
CVE-2013-7070
was published
May 5, 2022
RubyGem openshift-origin-controller is vulnerable to command injection
Critical
CVE-2013-2095
was published
for
openshift-origin-controller
(RubyGems)
May 5, 2022
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical
Unreviewed
CVE-2022-27336
was published
Apr 28, 2022
ejs template injection vulnerability
Critical
CVE-2022-29078
was published
for
ejs
(npm)
Apr 26, 2022
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP...
Critical
Unreviewed
CVE-2011-2717
was published
Apr 22, 2022
TWiki allows arbitrary shell command execution via the Include function
Critical
Unreviewed
CVE-2005-3056
was published
Apr 21, 2022
A vulnerability classified as critical was found in School Club Application System 1.0. This...
Critical
Unreviewed
CVE-2022-1287
was published
Apr 10, 2022
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This...
Critical
Unreviewed
CVE-2022-25420
was published
Mar 30, 2022
Command injection in libvcs and vcspull
Critical
CVE-2022-21187
was published
for
libvcs
(pip)
Mar 15, 2022
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection)...
Critical
Unreviewed
CVE-2022-24442
was published
Feb 26, 2022
Code injection in ezsystems/ezpublish-kernel
Critical
CVE-2022-25337
was published
for
ezsystems/ezpublish-kernel
(Composer)
Feb 19, 2022
Server Side Template Injection in MCMS
Critical
CVE-2021-46063
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 19, 2022
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item...
Critical
Unreviewed
CVE-2022-24300
was published
Feb 15, 2022
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11...
Critical
Unreviewed
CVE-2022-0582
was published
Feb 15, 2022
Injection and Improper Input Validation in Apache Unomi
Critical
CVE-2020-13942
was published
for
org.apache.unomi:unomi
(Maven)
Feb 10, 2022
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53...
Critical
Unreviewed
CVE-2021-44530
was published
Jan 15, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58...
Critical
Unreviewed
CVE-2021-45658
was published
Dec 27, 2021
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical
Unreviewed
CVE-2020-20601
was published
Dec 24, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical
Unreviewed
CVE-2021-43439
was published
Dec 21, 2021
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could...
Critical
Unreviewed
CVE-2021-45092
was published
Dec 17, 2021
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -...
Critical
Unreviewed
CVE-2021-44042
was published
Dec 15, 2021
Command Injection in compass-compile
Critical
CVE-2020-7635
was published
for
compass-compile
(npm)
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API