GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
760 advisories
A potential remote host header injection security vulnerability has been identified in HPE...
Moderate, Unreviewed. CVE-2022-23701 was published Feb 25, 2022.

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for...
High, Unreviewed. CVE-2022-25366 was published Feb 20, 2022.

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item...
Critical, Unreviewed. CVE-2022-24300 was published Feb 15, 2022.

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial...
High, Unreviewed. CVE-2022-0581 was published Feb 15, 2022.

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11...
Critical, Unreviewed. CVE-2022-0582 was published Feb 15, 2022.

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical...
High, Unreviewed. CVE-2020-12965 was published Feb 11, 2022.

A flaw was found in Python, specifically within the urllib.parse module. This module helps break...
High, Unreviewed. CVE-2022-0391 was published Feb 11, 2022.

Improper neutralization of special elements in output used by a downstream component ('Injection'...
Moderate, Unreviewed. CVE-2021-43929 was published Feb 8, 2022.

Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
High, Unreviewed. CVE-2021-27971 was published Feb 1, 2022.

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote...
High, Unreviewed. CVE-2021-36348 was published Jan 27, 2022.

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote...
High, Unreviewed. CVE-2021-39031 was published Jan 26, 2022.

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy...
High, Unreviewed. CVE-2021-43269 was published Jan 21, 2022.

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop...
High, Unreviewed. CVE-2021-44537 was published Jan 16, 2022.

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53...
Critical, Unreviewed. CVE-2021-44530 was published Jan 15, 2022.

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery...
High, Unreviewed. CVE-2021-24948 was published Jan 11, 2022.

SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to...
Moderate, Unreviewed. CVE-2021-45818 was published Dec 31, 2021.

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service...
High, Unreviewed. CVE-2021-4182 was published Dec 31, 2021.

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of...
High, Unreviewed. CVE-2021-4181 was published Dec 31, 2021.

Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
Moderate, Unreviewed. CVE-2021-4183 was published Dec 31, 2021.

Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet...
High, Unreviewed. CVE-2021-4186 was published Dec 31, 2021.

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58...
Critical, Unreviewed. CVE-2021-45658 was published Dec 27, 2021.

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical, Unreviewed. CVE-2020-20601 was published Dec 24, 2021.

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host...
High, Unreviewed. CVE-2021-43437 was published Dec 21, 2021.

An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious...
Moderate, Unreviewed. CVE-2021-43441 was published Dec 21, 2021.

RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical, Unreviewed. CVE-2021-43439 was published Dec 21, 2021.

ProTip! Advisories are also available from the GraphQL API.