Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

430 advisories

Loading
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14... Moderate Unreviewed
CVE-2021-39910 was published Dec 14, 2021
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious... Moderate Unreviewed
CVE-2021-43441 was published Dec 21, 2021
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file Moderate Unreviewed
CVE-2021-4183 was published Dec 31, 2021
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to... Moderate Unreviewed
CVE-2021-45818 was published Dec 31, 2021
Improper Input Validation and Injection in Apache Log4j2 Moderate
CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022
Client-Side JavaScript Prototype Pollution in oro/platform Moderate
CVE-2021-43852 was published for oro/platform (Composer) Jan 6, 2022
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0
Improper neutralization of special elements in output used by a downstream component ('Injection'... Moderate Unreviewed
CVE-2021-43929 was published Feb 8, 2022
Credentials bypass in Apache Druid Moderate
CVE-2020-1958 was published for org.apache.druid:druid (Maven) Feb 9, 2022
Prototype Pollution in dot-object Moderate
CVE-2019-10793 was published for dot-object (npm) Feb 9, 2022
RDIL
Prototype Pollution in undefsafe Moderate
CVE-2019-10795 was published for undefsafe (npm) Feb 9, 2022
RDIL
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Injection in Apache Archiva Moderate
CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) Feb 10, 2022
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
A potential remote host header injection security vulnerability has been identified in HPE... Moderate Unreviewed
CVE-2022-23701 was published Feb 25, 2022
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Moderate Unreviewed
CVE-2021-43961 was published Mar 19, 2022
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured... Moderate Unreviewed
CVE-2021-27493 was published Apr 3, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the... Moderate Unreviewed
CVE-2021-22055 was published Apr 12, 2022
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X... Moderate Unreviewed
CVE-2011-3624 was published Apr 22, 2022
Opera before 7.54 allows remote attackers to modify properties and methods of the location object... Moderate Unreviewed
CVE-2004-2570 was published Apr 29, 2022
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
richardfan0606
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of... Moderate Unreviewed
CVE-2016-8720 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database