GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
909 advisories
Filter by severity
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14...
Critical
Unreviewed
CVE-2015-10062
was published
Jan 17, 2023
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop...
High
Unreviewed
CVE-2021-44537
was published
Jan 16, 2022
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Moderate
Unreviewed
CVE-2021-43961
was published
Mar 19, 2022
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -...
Critical
Unreviewed
CVE-2021-44042
was published
Dec 15, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical
Unreviewed
CVE-2021-43439
was published
Dec 21, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14...
Moderate
Unreviewed
CVE-2021-39910
was published
Dec 14, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious...
Moderate
Unreviewed
CVE-2021-43441
was published
Dec 21, 2021
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37040
was published
Dec 9, 2021
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction...
High
Unreviewed
CVE-2021-43097
was published
Mar 30, 2022
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This...
Critical
Unreviewed
CVE-2022-25420
was published
Mar 30, 2022
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured...
Moderate
Unreviewed
CVE-2021-27493
was published
Apr 3, 2022
A vulnerability classified as critical was found in School Club Application System 1.0. This...
Critical
Unreviewed
CVE-2022-1287
was published
Apr 10, 2022
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical
Unreviewed
CVE-2020-20601
was published
Dec 24, 2021
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the...
Moderate
Unreviewed
CVE-2021-22055
was published
Apr 12, 2022
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders...
High
Unreviewed
CVE-2022-28345
was published
Apr 16, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy...
High
Unreviewed
CVE-2021-43269
was published
Jan 21, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject...
High
Unreviewed
CVE-2022-27924
was published
Apr 22, 2022
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
High
Unreviewed
CVE-2020-8644
was published
May 24, 2022
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate
Unreviewed
CVE-2021-42117
was published
Dec 1, 2021
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an...
High
Unreviewed
CVE-2020-17496
was published
May 24, 2022
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious...
Moderate
Unreviewed
CVE-2021-29416
was published
May 24, 2022
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME...
High
Unreviewed
CVE-2020-5323
was published
May 24, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical
Unreviewed
CVE-2021-26084
was published
May 24, 2022
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to...
High
Unreviewed
CVE-2020-23148
was published
May 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local...
Critical
Unreviewed
CVE-2022-32269
was published
Jun 4, 2022
ProTip!
Advisories are also available from the
GraphQL API