GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
11,575 advisories
There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this...
CVE-2021-37047 (High, Unreviewed) was published Dec 8, 2021

There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of...
CVE-2021-37042 (Critical, Unreviewed) was published Dec 8, 2021

There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of...
CVE-2021-37041 (Critical, Unreviewed) was published Dec 8, 2021

There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this...
CVE-2021-37039 (Moderate, Unreviewed) was published Dec 9, 2021

An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows...
CVE-2021-25517 (High, Unreviewed) was published Dec 9, 2021

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows...
CVE-2021-25510 (High, Unreviewed) was published Dec 9, 2021

An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows...
CVE-2021-25512 (High, Unreviewed) was published Dec 9, 2021

Improper Input Validation in xdLocalStorage
CVE-2015-9544 (High) was published for xdLocalStorage (npm) Dec 9, 2021

Improper Input Validation in xdLocalStorage
CVE-2015-9545 (High) was published for xdLocalStorage (npm) Dec 9, 2021

Remote code injection in Log4j
CVE-2021-44228 (Critical) was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021

Improper Input Validation in is-email
CVE-2021-36716 (High) was published for is-email (npm) Dec 10, 2021

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute...
CVE-2021-39065 (Critical, Unreviewed) was published Dec 14, 2021

When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual...
CVE-2021-42068 (Moderate, Unreviewed) was published Dec 15, 2021

When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted...
CVE-2021-42069 (Moderate, Unreviewed) was published Dec 15, 2021

When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in...
CVE-2021-42070 (Moderate, Unreviewed) was published Dec 15, 2021

In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable...
CVE-2021-1021 (High, Unreviewed) was published Dec 16, 2021

In snoozeNotification of NotificationListenerService.java, there is a possible way to disable...
CVE-2021-1020 (High, Unreviewed) was published Dec 16, 2021

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible...
CVE-2021-0933 (High, Unreviewed) was published Dec 16, 2021

In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization...
CVE-2021-0921 (High, Unreviewed) was published Dec 16, 2021

Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-42320.
CVE-2021-43242 (Moderate, Unreviewed) was published Dec 16, 2021

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command...
CVE-2021-20330 (Moderate, Unreviewed) was published Dec 16, 2021

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
CVE-2021-41844 (Critical, Unreviewed) was published Dec 16, 2021

YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
CVE-2021-4117 (Moderate) was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021

YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
CVE-2021-4111 (High) was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API.