Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

808 advisories

Loading
An improper input validation leading to arbitrary file creation was discovered in copy method of... Critical Unreviewed
CVE-2021-26612 was published Dec 1, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in... Critical Unreviewed
CVE-2021-43033 was published Dec 7, 2021
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37084 was published Dec 8, 2021
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37079 was published Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37021 was published Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37020 was published Dec 8, 2021
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of... Critical Unreviewed
CVE-2021-37042 was published Dec 8, 2021
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of... Critical Unreviewed
CVE-2021-37041 was published Dec 8, 2021
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute... Critical Unreviewed
CVE-2021-39065 was published Dec 14, 2021
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Critical Unreviewed
CVE-2021-41844 was published Dec 16, 2021
Remote Code Execution in npm-groovy-lint Critical
GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) Dec 20, 2021
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of... Critical Unreviewed
CVE-2021-37116 was published Jan 4, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Apache Solr Improper Input Validation and Path Traversal Critical
CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022
Arbitrary PHP code execution in Drupal Critical
CVE-2019-6339 was published for drupal/core (Composer) Jan 6, 2022
Serv-U web login screen was allowing characters that were not sanitized by the authentication... Critical Unreviewed
CVE-2021-35247 was published Jan 11, 2022
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which... Critical Unreviewed
CVE-2021-44734 was published Jan 21, 2022
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Injection and Improper Input Validation in Apache Unomi Critical
CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) Feb 10, 2022
There is a vulnerability of unstrict input parameter verification in the audio assembly... Critical Unreviewed
CVE-2021-39997 was published Feb 11, 2022
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to... Critical Unreviewed
CVE-2022-23425 was published Feb 12, 2022
Improper Input Validation in SPIP Critical Unreviewed
CVE-2020-28984 was published Feb 15, 2022
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript... Critical Unreviewed
CVE-2021-3781 was published Feb 17, 2022
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database