Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,051 advisories

Loading
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious... High Unreviewed
CVE-2021-36343 was published Jan 25, 2022
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious... High Unreviewed
CVE-2021-36342 was published Jan 25, 2022
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability... High Unreviewed
CVE-2021-43588 was published Jan 25, 2022
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker... High Unreviewed
CVE-2022-21933 was published Jan 22, 2022
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing... High Unreviewed
CVE-2021-35969 was published Jan 16, 2022
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing... High Unreviewed
CVE-2021-42555 was published Jan 16, 2022
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input... High Unreviewed
CVE-2021-33498 was published Jan 16, 2022
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input... High Unreviewed
CVE-2021-33499 was published Jan 16, 2022
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. High Unreviewed
CVE-2021-32545 was published Jan 16, 2022
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1... High Unreviewed
CVE-2022-20698 was published Jan 15, 2022
Improper validation of memory region in Hypervisor can lead to incorrect region mapping in... High Unreviewed
CVE-2021-30285 was published Jan 14, 2022
Possible heap overflow due to lack of index validation before allocating and writing to heap... High Unreviewed
CVE-2021-30311 was published Jan 14, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2021-34994 was published Jan 14, 2022
Lookup operations do not take into account wildcards in SpiceDB High
CVE-2022-21646 was published for github.com/authzed/spicedb (Go) Jan 13, 2022
vroldanbet
Credited to vroldanbet
Access to restricted PHP code by dynamic static class access in smarty High
CVE-2021-21408 was published for smarty/smarty (Composer) Jan 12, 2022
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
Credited to milo-minderbinder
Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
tdunlap607
Credited to tdunlap607
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions... High Unreviewed
CVE-2021-41769 was published Jan 12, 2022
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to... High Unreviewed
CVE-2021-38957 was published Jan 11, 2022
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows... High Unreviewed
CVE-2022-22264 was published Jan 11, 2022
Improper Input Validation in Parquet-MR High
CVE-2021-41561 was published for org.apache.parquet:parquet (Maven) Jan 6, 2022
raboof
Credited to raboof
Server-side request forgery (SSRF) in Apache Batik High
CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) Jan 6, 2022
jkmartindale
Credited to jkmartindale
Sandbox Bypass in Apache Velocity Engine High
CVE-2020-13936 was published for org.apache.velocity:velocity (Maven) Jan 6, 2022
Incorrect sanitisation function leads to `XSS` in mermaid High
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022
Improper validation of a socket state when socket events are being sent to clients can lead to... High Unreviewed
CVE-2021-30262 was published Jan 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database