GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
467 advisories
A flaw was found in Python, specifically within the urllib.parse module. This module helps break...
High | Unreviewed | CVE-2022-0391 was published Feb 11, 2022

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical...
High | Unreviewed | CVE-2020-12965 was published Feb 11, 2022

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial...
High | Unreviewed | CVE-2022-0581 was published Feb 15, 2022

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for...
High | Unreviewed | CVE-2022-25366 was published Feb 20, 2022

Authenticated remote code execution in October CMS
High | CVE-2022-21705 was published for october/system (Composer) Feb 23, 2022

A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction...
High | Unreviewed | CVE-2021-43097 was published Mar 30, 2022

Command injection in cocoapods-downloader
High | CVE-2022-21223 was published for cocoapods-downloader (RubyGems) Apr 2, 2022

Command injection in cocoapods-downloader
High | CVE-2022-24440 was published for cocoapods-downloader (RubyGems) Apr 2, 2022

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account...
High | Unreviewed | CVE-2021-39114 was published Apr 6, 2022

Null Byte Injection in Plug.Static
High | CVE-2017-1000052 was published for plug (Erlang) Apr 12, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High | Unreviewed | CVE-2022-20719 was published Apr 16, 2022

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated,...
High | Unreviewed | CVE-2022-20693 was published Apr 16, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High | Unreviewed | CVE-2022-20718 was published Apr 16, 2022

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders...
High | Unreviewed | CVE-2022-28345 was published Apr 16, 2022

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject...
High | Unreviewed | CVE-2022-27924 was published Apr 22, 2022

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability...
High | Unreviewed | CVE-2011-2538 was published Apr 22, 2022

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input...
High | Unreviewed | CVE-2011-4558 was published Apr 22, 2022

Command injection in czproject/git-php
High | CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An...
High | Unreviewed | CVE-2022-1509 was published Apr 29, 2022

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web...
High | Unreviewed | CVE-2004-1157 was published Apr 29, 2022

Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via...
High | Unreviewed | CVE-2005-3750 was published May 1, 2022

Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows...
High | Unreviewed | CVE-2009-1781 was published May 2, 2022

ProTip! Advisories are also available from the GraphQL API