Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

10,572 advisories

Loading
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for... Moderate Unreviewed
CVE-2022-20784 was published Apr 7, 2022
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758... Moderate Unreviewed
CVE-2022-0455 was published Apr 6, 2022
Incorrect protocol extraction via \r, \n and \t characters High
CVE-2022-1243 was published for urijs (npm) Apr 6, 2022
Haxatron chrisbloom7
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control... High Unreviewed
CVE-2021-22277 was published Apr 3, 2022
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus.... High Unreviewed
CVE-2021-26624 was published Apr 3, 2022
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware... Critical Unreviewed
CVE-2021-32974 was published Apr 3, 2022
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O... High Unreviewed
CVE-2021-32970 was published Apr 3, 2022
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed... High Unreviewed
CVE-2022-0741 was published Apr 3, 2022
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software... High Unreviewed
CVE-2022-24299 was published Apr 1, 2022
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain... Moderate Unreviewed
CVE-2022-22311 was published Apr 1, 2022
In Messaging, there is a possible way to bypass attachment restrictions due to improper input... Moderate Unreviewed
CVE-2021-39740 was published Mar 31, 2022
In Settings, there is a possible way to make the user enable WiFi due to improper input... High Unreviewed
CVE-2021-39763 was published Mar 31, 2022
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to... High Unreviewed
CVE-2021-39771 was published Mar 31, 2022
In Settings, there is a possible way to display an incorrect app name due to improper input... High Unreviewed
CVE-2021-39764 was published Mar 31, 2022
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the... Critical Unreviewed
CVE-2022-25757 was published Mar 29, 2022
Improper Input Validation in GoGo Protobuf High
CVE-2021-3121 was published for github.com/gogo/protobuf (Go) Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() Critical
CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022
FormField with square brackets in field name skips validation Moderate
CVE-2020-26138 was published for silverstripe/framework (Composer) Mar 26, 2022
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name... Critical Unreviewed
CVE-2021-26622 was published Mar 26, 2022
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial... High Unreviewed
CVE-2021-3422 was published Mar 26, 2022
SolarWinds received a report of a vulnerability related to an input that was not sanitized in... High Unreviewed
CVE-2021-35254 was published Mar 26, 2022
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this... High Unreviewed
CVE-2021-3567 was published Mar 26, 2022
This vulnerability can be exploited by parsing maliciously crafted project files with Horner... High Unreviewed
CVE-2021-44462 was published Mar 26, 2022
Improper Input Validation in guzzlehttp/psr7 Moderate
CVE-2022-24775 was published for guzzlehttp/psr7 (Composer) Mar 25, 2022
TimWolla GrahamCampbell
ProTip! Advisories are also available from the GraphQL API