GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,224
Erlang: 31
GitHub Actions: 19
Go: 1,990
Maven: 5,000+
npm: 3,706
NuGet: 661
pip: 3,336
Pub: 11
RubyGems: 884
Rust: 845
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
124 advisories

There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this...
Critical, Unreviewed. CVE-2021-37040 was published Dec 9, 2021

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -...
Critical, Unreviewed. CVE-2021-44042 was published Dec 15, 2021

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could...
Critical, Unreviewed. CVE-2021-45092 was published Dec 17, 2021

RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical, Unreviewed. CVE-2021-43439 was published Dec 21, 2021

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical, Unreviewed. CVE-2020-20601 was published Dec 24, 2021

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58...
Critical, Unreviewed. CVE-2021-45658 was published Dec 27, 2021

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53...
Critical, Unreviewed. CVE-2021-44530 was published Jan 15, 2022

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11...
Critical, Unreviewed. CVE-2022-0582 was published Feb 15, 2022

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item...
Critical, Unreviewed. CVE-2022-24300 was published Feb 15, 2022

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection)...
Critical, Unreviewed. CVE-2022-24442 was published Feb 26, 2022

NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This...
Critical, Unreviewed. CVE-2022-25420 was published Mar 30, 2022

A vulnerability classified as critical was found in School Club Application System 1.0. This...
Critical, Unreviewed. CVE-2022-1287 was published Apr 10, 2022

TWiki allows arbitrary shell command execution via the Include function
Critical, Unreviewed. CVE-2005-3056 was published Apr 21, 2022

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP...
Critical, Unreviewed. CVE-2011-2717 was published Apr 22, 2022

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical, Unreviewed. CVE-2022-27336 was published Apr 28, 2022

The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote...
Critical, Unreviewed. CVE-2013-7070 was published May 5, 2022

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo...
Critical, Unreviewed. CVE-2022-24039 was published May 11, 2022

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the...
Critical, Unreviewed. CVE-2018-3963 was published May 13, 2022

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/...
Critical, Unreviewed. CVE-2018-16763 was published May 13, 2022

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could...
Critical, Unreviewed. CVE-2017-14094 was published May 13, 2022

Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate...
Critical, Unreviewed. CVE-2017-7239 was published May 13, 2022

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...
Critical, Unreviewed. CVE-2018-4995 was published May 13, 2022

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to...
Critical, Unreviewed. CVE-2017-1000493 was published May 14, 2022

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user...
Critical, Unreviewed. CVE-2019-8948 was published May 14, 2022

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users...
Critical, Unreviewed. CVE-2016-9832 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API