GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11,575 advisories
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which...
Moderate | Unreviewed | CVE-2021-37863 was published Dec 18, 2021

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could...
Moderate | Unreviewed | CVE-2021-0902 was published Dec 18, 2021

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could...
Moderate | Unreviewed | CVE-2021-0900 was published Dec 18, 2021

In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This...
Moderate | Unreviewed | CVE-2021-0674 was published Dec 18, 2021

In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check....
High | Unreviewed | CVE-2021-0673 was published Dec 18, 2021

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
High | CVE-2021-45105 was published for org.apache.logging.log4j:log4j-core (Maven) | Dec 18, 2021

Denial of Service in OpenShift Origin
Moderate | CVE-2015-5250 was published for github.com/openshift/origin (Go) | Dec 20, 2021

Remote Code Execution in npm-groovy-lint
Critical | GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) | Dec 20, 2021

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design...
High | Unreviewed | CVE-2021-44422 was published Dec 22, 2021

Certain Starcharge products are affected by Improper Input Validation. The affected products...
High | Unreviewed | CVE-2021-45419 was published Dec 23, 2021

In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.
High | Unreviewed | CVE-2021-45462 was published Dec 24, 2021

Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a...
Moderate | Unreviewed | CVE-2021-4068 was published Dec 24, 2021

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote...
Moderate | Unreviewed | CVE-2021-4059 was published Dec 24, 2021

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker...
High | Unreviewed | CVE-2021-38015 was published Dec 24, 2021

MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle...
High | Unreviewed | CVE-2021-41788 was published Dec 27, 2021

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does...
Moderate | Unreviewed | CVE-2021-43548 was published Dec 28, 2021

ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency...
High | Unreviewed | CVE-2021-21751 was published Dec 28, 2021

PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of...
Critical | Unreviewed | CVE-2021-37116 was published Jan 4, 2022

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing...
High | Unreviewed | CVE-2021-24893 was published Jan 4, 2022

The programming function of Shockwall system has an improper input validation vulnerability. An...
Low | Unreviewed | CVE-2021-45916 was published Jan 4, 2022

Improper input validation in TrustZone memory transfer interface can lead to information...
Moderate | Unreviewed | CVE-2021-30278 was published Jan 4, 2022

Improper validation of a socket state when socket events are being sent to clients can lead to...
High | Unreviewed | CVE-2021-30262 was published Jan 4, 2022

Improper Input Validation and Injection in Apache Log4j2
Moderate | CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) | Jan 4, 2022

In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check....
Moderate | Unreviewed | CVE-2022-20019 was published Jan 5, 2022

In vow driver, there is a possible memory corruption due to improper input validation. This could...
Moderate | Unreviewed | CVE-2022-20014 was published Jan 5, 2022