Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

671 advisories

Loading
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code... Critical Unreviewed
CVE-2021-42786 was published Mar 11, 2022
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-25498 was published Mar 16, 2022
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote... Critical Unreviewed
CVE-2022-27228 was published Mar 23, 2022
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the... Critical Unreviewed
CVE-2022-25757 was published Mar 29, 2022
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute... Critical Unreviewed
CVE-2021-39065 was published Dec 14, 2021
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to... Critical Unreviewed
CVE-2011-4124 was published Apr 22, 2022
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent... Critical Unreviewed
CVE-2017-8923 was published May 14, 2022
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on... Critical Unreviewed
CVE-2018-4018 was published May 24, 2022
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an... Critical Unreviewed
CVE-2021-1142 was published May 24, 2022
There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of... Critical Unreviewed
CVE-2021-22345 was published May 24, 2022
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first... Critical Unreviewed
CVE-2022-25163 was published Jun 3, 2022
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker... Critical Unreviewed
CVE-2021-1301 was published May 24, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab... Critical Unreviewed
CVE-2021-22205 was published May 24, 2022
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote... Critical Unreviewed
CVE-2021-1468 was published May 24, 2022
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30712 was published Jun 8, 2022
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper... Critical Unreviewed
CVE-2021-37417 was published May 24, 2022
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows... Critical Unreviewed
CVE-2015-1555 was published May 17, 2022
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130,... Critical Unreviewed
CVE-2021-1459 was published May 24, 2022
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30713 was published Jun 8, 2022
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30710 was published Jun 8, 2022
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30711 was published Jun 8, 2022
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary... Critical Unreviewed
CVE-2020-24672 was published May 24, 2022
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux... Critical Unreviewed
CVE-2017-9811 was published May 17, 2022
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of... Critical Unreviewed
CVE-2017-11673 was published May 17, 2022
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution... Critical Unreviewed
CVE-2017-11495 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API