GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,825
Erlang: 36
GitHub Actions: 32
Go: 2,416
Maven: 5,000+
npm: 4,054
NuGet: 723
pip: 3,845
Pub: 12
RubyGems: 933
Rust: 1,005
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
886 advisories
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote...
Critical | Unreviewed | CVE-2022-27228 was published Mar 23, 2022

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical | Unreviewed | CVE-2022-25498 was published Mar 16, 2022

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code...
Critical | Unreviewed | CVE-2021-42786 was published Mar 11, 2022

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a...
Critical | Unreviewed | CVE-2022-26100 was published Mar 11, 2022

In certain situations it is possible for an unmanaged rule to exist on the target system that has...
Critical | Unreviewed | CVE-2022-0675 was published Mar 3, 2022

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7...
Critical | Unreviewed | CVE-2021-32586 was published Mar 2, 2022

Remote shell execution vulnerability in image_processing
Critical | CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022

Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical | CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022

This issues due to insufficient verification of the various input values from user’s input. The...
Critical | Unreviewed | CVE-2021-26617 was published Feb 26, 2022

An improper input validation leading to arbitrary file creation was discovered in ToWord of...
Critical | Unreviewed | CVE-2021-26618 was published Feb 19, 2022

Magento improper input validation vulnerability
Critical | CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript...
Critical | Unreviewed | CVE-2021-3781 was published Feb 17, 2022

Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to...
Critical | Unreviewed | CVE-2022-23425 was published Feb 12, 2022

There is a vulnerability of unstrict input parameter verification in the audio assembly...
Critical | Unreviewed | CVE-2021-39997 was published Feb 11, 2022

Injection and Improper Input Validation in Apache Unomi
Critical | CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) Feb 10, 2022

Security Advisory for "Log4Shell"
Critical | GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which...
Critical | Unreviewed | CVE-2021-44734 was published Jan 21, 2022

Serv-U web login screen was allowing characters that were not sanitized by the authentication...
Critical | Unreviewed | CVE-2021-35247 was published Jan 11, 2022

Arbitrary PHP code execution in Drupal
Critical | CVE-2019-6339 was published for drupal/core (Composer) Jan 6, 2022

Apache Solr Improper Input Validation and Path Traversal
Critical | CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022

Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical | GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022

PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of...
Critical | Unreviewed | CVE-2021-37116 was published Jan 4, 2022

Remote Code Execution in npm-groovy-lint
Critical | GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) Dec 20, 2021

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
Critical | Unreviewed | CVE-2021-41844 was published Dec 16, 2021