Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
766
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

4,034 advisories

Loading
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via... High Unreviewed
CVE-2022-24663 was published Feb 17, 2022
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a... High Unreviewed
CVE-2022-24665 was published Feb 17, 2022
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-23389 was published Feb 15, 2022
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability... Critical Unreviewed
CVE-2021-44978 was published Feb 9, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit... High Unreviewed
CVE-2021-46117 was published Jan 27, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit... High Unreviewed
CVE-2021-46118 was published Jan 27, 2022
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail.... High Unreviewed
CVE-2021-46114 was published Jan 27, 2022
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access... High Unreviewed
CVE-2022-23008 was published Jan 26, 2022
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security... High Unreviewed
CVE-2022-23120 was published Jan 21, 2022
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution... High Unreviewed
CVE-2022-0130 was published Jan 15, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2021-34994 was published Jan 14, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-21837 was published Jan 12, 2022
Microsoft Office Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-21840 was published Jan 12, 2022
Microsoft Word Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-21842 was published Jan 12, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE... Critical Unreviewed
CVE-2022-21846 was published Jan 12, 2022
Windows Security Center API Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-21874 was published Jan 12, 2022
Windows Geolocation Service Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-21878 was published Jan 12, 2022
HEVC Video Extensions Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-21917 was published Jan 12, 2022
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique... Moderate Unreviewed
CVE-2022-21928 was published Jan 12, 2022
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and... High Unreviewed
CVE-2022-22285 was published Jan 11, 2022
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0... High Unreviewed
CVE-2022-22286 was published Jan 11, 2022
HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may... Critical Unreviewed
CVE-2021-39979 was published Jan 4, 2022
NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection. Moderate Unreviewed
CVE-2021-45655 was published Dec 27, 2021
Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00... High Unreviewed
CVE-2021-45657 was published Dec 27, 2021
Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00... High Unreviewed
CVE-2021-45656 was published Dec 27, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database