Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

617 advisories

Loading
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39086 was published Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39087 was published Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39088 was published Jan 4, 2023
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0... Moderate Unreviewed
CVE-2022-40765 was published Nov 22, 2022
Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. Moderate Unreviewed
CVE-2022-42187 was published Nov 17, 2022
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS... Moderate Unreviewed
CVE-2022-20934 was published Nov 16, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Credited to jupenur
sharp vulnerable to Command Injection in post-installation over build environment Moderate
CVE-2022-29256 was published for sharp (npm) Jun 1, 2022
dwisiswant0
Credited to dwisiswant0
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker... Moderate Unreviewed
CVE-2021-26321 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-40995 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-40994 was published May 24, 2022
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special... Moderate Unreviewed
CVE-2021-21595 was published May 24, 2022
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS... Moderate Unreviewed
CVE-2020-15955 was published May 24, 2022
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS. Moderate Unreviewed
CVE-2021-38370 was published May 24, 2022
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses... Moderate Unreviewed
CVE-2021-38372 was published May 24, 2022
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext... Moderate Unreviewed
CVE-2021-38373 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-34614 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-34612 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-34616 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-34615 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-34613 was published May 24, 2022
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp.... Moderate Unreviewed
CVE-2021-33515 was published May 24, 2022
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be... Moderate Unreviewed
CVE-2021-22864 was published May 24, 2022
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave... Moderate Unreviewed
CVE-2021-26970 was published May 24, 2022
In mobile_log_d, there is a possible command injection due to improper input validation. This... Moderate Unreviewed
CVE-2021-0364 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database