
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

240,683 advisories

Prototype Pollution in object-path-set [High]
CVE-2021-23507 was published for object-path-set (npm) Feb 5, 2022

Prototype Pollution in putil-merge [High]
CVE-2021-23470 was published for putil-merge (npm) Feb 5, 2022

Cross-Site Request Forgery in Filebrowser [High]
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection... [Critical, Unreviewed]
CVE-2021-45738 was published Feb 5, 2022

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection... [Critical, Unreviewed]
CVE-2021-45733 was published Feb 5, 2022

Cross-site Scripting in Beanstalk console [Moderate]
CVE-2022-0501 was published for ptrofimov/beanstalk_console (Composer) Feb 6, 2022

Cross-site Scripting in karma [Moderate]
CVE-2022-0437 was published for karma (npm) Feb 6, 2022

Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) [High]
CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven) Feb 6, 2022

Business Logic Errors in SilverStripe Framework [Moderate]
CVE-2022-0227 was published for silverstripe/framework (Composer) Feb 6, 2022

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service [Critical]
CVE-2021-36152 was published for org.apache.gobblin:gobblin-core (Maven) Feb 6, 2022

Unrestricted Upload of File with Dangerous Type in jsdecena/laracom [Moderate]
CVE-2022-0472 was published for jsdecena/laracom (Composer) Feb 6, 2022

Hadoop token in temp file visible to all users in Apache Gobblin [Moderate]
CVE-2021-36151 was published for org.apache.gobblin:gobblin-core (Maven) Feb 6, 2022

Server-Side Request Forgery in Apache Traffic Control [High]
CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022

Cross-site Scripting in LiveHelperChat [Moderate]
CVE-2022-0502 was published for remdex/livehelperchat (Composer) Feb 7, 2022

Path traversal and dereference of symlinks in Argo CD [High]
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022

Limited ability to spoof SAML authentication with missing audience verification in Fleet [Moderate]
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
ProTip! Advisories are also available from the GraphQL API