Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Potential Command Injection in hubot-scripts Critical
CVE-2013-7378 was published for hubot-scripts (npm) Aug 31, 2020
Remote Code Execution in esigate-core Critical
CVE-2018-1000854 was published for org.esigate:esigate-core (Maven) Dec 21, 2018
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14... Critical Unreviewed
CVE-2015-10062 was published Jan 17, 2023
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -... Critical Unreviewed
CVE-2021-44042 was published Dec 15, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely Critical Unreviewed
CVE-2021-43439 was published Dec 21, 2021
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37040 was published Dec 9, 2021
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This... Critical Unreviewed
CVE-2022-25420 was published Mar 30, 2022
A vulnerability classified as critical was found in School Club Application System 1.0. This... Critical Unreviewed
CVE-2022-1287 was published Apr 10, 2022
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted... Critical Unreviewed
CVE-2020-20601 was published Dec 24, 2021
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch Critical
CVE-2022-36084 was published for cruddl (npm) Sep 16, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local... Critical Unreviewed
CVE-2022-32269 was published Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness... Critical Unreviewed
CVE-2021-0268 was published May 24, 2022
There is an object injection vulnerability in swfupload plugin for wordpress. Critical Unreviewed
CVE-2013-4144 was published Jul 1, 2022
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0... Critical Unreviewed
CVE-2016-1155 was published May 17, 2022
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is... Critical Unreviewed
CVE-2022-34914 was published Jul 9, 2022
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as... Critical Unreviewed
CVE-2016-15004 was published Jul 24, 2022
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. Critical Unreviewed
CVE-2022-40434 was published Dec 20, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to... Critical Unreviewed
CVE-2022-3236 was published Sep 25, 2022
Remote code execution in Apache Flume Critical
CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53... Critical Unreviewed
CVE-2021-44530 was published Jan 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database