Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,576 advisories

Loading
In wifi driver, there is a possible system crash due to a missing validation check. This could... Moderate Unreviewed
CVE-2021-41789 was published Jan 5, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Credited to LoboMetalurgico and PleaseInsertNameHere
Incorrect sanitisation function leads to `XSS` in mermaid High
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022
Improper Validation and Sanitization in url-parse Moderate
CVE-2020-8124 was published for url-parse (npm) Jan 6, 2022
Sandbox Bypass in Apache Velocity Engine High
CVE-2020-13936 was published for org.apache.velocity:velocity (Maven) Jan 6, 2022
Server-side request forgery (SSRF) in Apache Batik High
CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) Jan 6, 2022
jkmartindale
Credited to jkmartindale
Apache Solr Improper Input Validation and Path Traversal Critical
CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022
Arbitrary PHP code execution in Drupal Critical
CVE-2019-6339 was published for drupal/core (Composer) Jan 6, 2022
Improper Input Validation in Parquet-MR High
CVE-2021-41561 was published for org.apache.parquet:parquet (Maven) Jan 6, 2022
raboof
Credited to raboof
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1... Moderate Unreviewed
CVE-2022-22271 was published Jan 11, 2022
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows... High Unreviewed
CVE-2022-22264 was published Jan 11, 2022
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to... High Unreviewed
CVE-2021-38957 was published Jan 11, 2022
Serv-U web login screen was allowing characters that were not sanitized by the authentication... Critical Unreviewed
CVE-2021-35247 was published Jan 11, 2022
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions... High Unreviewed
CVE-2021-41769 was published Jan 12, 2022
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Credited to tdunlap607
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
Credited to milo-minderbinder
Access to restricted PHP code by dynamic static class access in smarty High
CVE-2021-21408 was published for smarty/smarty (Composer) Jan 12, 2022
Logic error in dolibarr Moderate
CVE-2022-0174 was published for dolibarr/dolibarr (Composer) Jan 12, 2022
Lookup operations do not take into account wildcards in SpiceDB High
CVE-2022-21646 was published for github.com/authzed/spicedb (Go) Jan 13, 2022
vroldanbet
Credited to vroldanbet
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2021-34994 was published Jan 14, 2022
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a... Moderate Unreviewed
CVE-2021-43762 was published Jan 14, 2022
Possible heap overflow due to lack of index validation before allocating and writing to heap... High Unreviewed
CVE-2021-30311 was published Jan 14, 2022
Improper validation of memory region in Hypervisor can lead to incorrect region mapping in... High Unreviewed
CVE-2021-30285 was published Jan 14, 2022
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This... Moderate Unreviewed
CVE-2021-45763 was published Jan 15, 2022
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1... High Unreviewed
CVE-2022-20698 was published Jan 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database