GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
10,572 advisories
Filter by severity
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for...
Moderate
Unreviewed
CVE-2022-20784
was published
Apr 7, 2022
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758...
Moderate
Unreviewed
CVE-2022-0455
was published
Apr 6, 2022
Incorrect protocol extraction via \r, \n and \t characters
High
CVE-2022-1243
was published
for
urijs
(npm)
Apr 6, 2022
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control...
High
Unreviewed
CVE-2021-22277
was published
Apr 3, 2022
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus....
High
Unreviewed
CVE-2021-26624
was published
Apr 3, 2022
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware...
Critical
Unreviewed
CVE-2021-32974
was published
Apr 3, 2022
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O...
High
Unreviewed
CVE-2021-32970
was published
Apr 3, 2022
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed...
High
Unreviewed
CVE-2022-0741
was published
Apr 3, 2022
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software...
High
Unreviewed
CVE-2022-24299
was published
Apr 1, 2022
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain...
Moderate
Unreviewed
CVE-2022-22311
was published
Apr 1, 2022
In Messaging, there is a possible way to bypass attachment restrictions due to improper input...
Moderate
Unreviewed
CVE-2021-39740
was published
Mar 31, 2022
In Settings, there is a possible way to make the user enable WiFi due to improper input...
High
Unreviewed
CVE-2021-39763
was published
Mar 31, 2022
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to...
High
Unreviewed
CVE-2021-39771
was published
Mar 31, 2022
In Settings, there is a possible way to display an incorrect app name due to improper input...
High
Unreviewed
CVE-2021-39764
was published
Mar 31, 2022
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the...
Critical
Unreviewed
CVE-2022-25757
was published
Mar 29, 2022
Improper Input Validation in GoGo Protobuf
High
CVE-2021-3121
was published
for
github.com/gogo/protobuf
(Go)
Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High
CVE-2022-0415
was published
for
gogs.io/gogs
(Go)
Mar 28, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical
CVE-2020-13756
was published
for
sabberworm/php-css-parser
(Composer)
Mar 26, 2022
FormField with square brackets in field name skips validation
Moderate
CVE-2020-26138
was published
for
silverstripe/framework
(Composer)
Mar 26, 2022
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name...
Critical
Unreviewed
CVE-2021-26622
was published
Mar 26, 2022
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial...
High
Unreviewed
CVE-2021-3422
was published
Mar 26, 2022
SolarWinds received a report of a vulnerability related to an input that was not sanitized in...
High
Unreviewed
CVE-2021-35254
was published
Mar 26, 2022
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this...
High
Unreviewed
CVE-2021-3567
was published
Mar 26, 2022
This vulnerability can be exploited by parsing maliciously crafted project files with Horner...
High
Unreviewed
CVE-2021-44462
was published
Mar 26, 2022
Improper Input Validation in guzzlehttp/psr7
Moderate
CVE-2022-24775
was published
for
guzzlehttp/psr7
(Composer)
Mar 25, 2022
ProTip!
Advisories are also available from the
GraphQL API