Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

760 advisories

Loading
A potential remote host header injection security vulnerability has been identified in HPE... Moderate Unreviewed
CVE-2022-23701 was published Feb 25, 2022
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for... High Unreviewed
CVE-2022-25366 was published Feb 20, 2022
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item... Critical Unreviewed
CVE-2022-24300 was published Feb 15, 2022
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial... High Unreviewed
CVE-2022-0581 was published Feb 15, 2022
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11... Critical Unreviewed
CVE-2022-0582 was published Feb 15, 2022
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical... High Unreviewed
CVE-2020-12965 was published Feb 11, 2022
A flaw was found in Python, specifically within the urllib.parse module. This module helps break... High Unreviewed
CVE-2022-0391 was published Feb 11, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... Moderate Unreviewed
CVE-2021-43929 was published Feb 8, 2022
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. High Unreviewed
CVE-2021-27971 was published Feb 1, 2022
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote... High Unreviewed
CVE-2021-36348 was published Jan 27, 2022
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote... High Unreviewed
CVE-2021-39031 was published Jan 26, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy... High Unreviewed
CVE-2021-43269 was published Jan 21, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop... High Unreviewed
CVE-2021-44537 was published Jan 16, 2022
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53... Critical Unreviewed
CVE-2021-44530 was published Jan 15, 2022
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery... High Unreviewed
CVE-2021-24948 was published Jan 11, 2022
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to... Moderate Unreviewed
CVE-2021-45818 was published Dec 31, 2021
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service... High Unreviewed
CVE-2021-4182 was published Dec 31, 2021
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of... High Unreviewed
CVE-2021-4181 was published Dec 31, 2021
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file Moderate Unreviewed
CVE-2021-4183 was published Dec 31, 2021
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet... High Unreviewed
CVE-2021-4186 was published Dec 31, 2021
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58... Critical Unreviewed
CVE-2021-45658 was published Dec 27, 2021
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted... Critical Unreviewed
CVE-2020-20601 was published Dec 24, 2021
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host... High Unreviewed
CVE-2021-43437 was published Dec 21, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious... Moderate Unreviewed
CVE-2021-43441 was published Dec 21, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely Critical Unreviewed
CVE-2021-43439 was published Dec 21, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database