GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11,577 advisories
Improper Input Validation in vault-ssh-helper
High | CVE-2020-24359 was published for github.com/hashicorp/vault-ssh-helper (Go) | Feb 15, 2022

Gitea Improper Input Validation
High | CVE-2019-11228 was published for github.com/go-gitea/gitea (Go) | Feb 15, 2022

containernetworking/cni improper limitation of path name
High | CVE-2021-20206 was published for github.com/containernetworking/cni (Go) | Feb 15, 2022

Directory traversal in Kubernetes Secrets Store CSI Driver
Moderate | CVE-2020-8568 was published for sigs.k8s.io/secrets-store-csi-driver (Go) | Feb 15, 2022

Improper Input Validation and Excessive Iteration in Go Facebook Thrift
High | CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) | Feb 15, 2022

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript...
Critical | Unreviewed | CVE-2021-3781 was published | Feb 17, 2022

Magento improper input validation vulnerability
Critical | CVE-2022-24086 was published for magento/community-edition (Composer) | Feb 17, 2022

A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration...
High | Unreviewed | CVE-2022-20750 was published | Feb 18, 2022

Crypt_GPG does not prevent additional options in GPG calls
Moderate | CVE-2022-24953 was published for pear/crypt_gpg (Composer) | Feb 18, 2022

Improper input validation in Drupal core
High | CVE-2022-25271 was published for drupal/core (Composer) | Feb 18, 2022

An improper input validation leading to arbitrary file creation was discovered in ToWord of...
Critical | Unreviewed | CVE-2021-26618 was published | Feb 19, 2022

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker...
High | Unreviewed | CVE-2020-25717 was published | Feb 19, 2022

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths,...
High | Unreviewed | CVE-2021-4120 was published | Feb 19, 2022

A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS...
Moderate | Unreviewed | CVE-2022-20625 was published | Feb 24, 2022

A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software...
High | Unreviewed | CVE-2022-20624 was published | Feb 24, 2022

This issues due to insufficient verification of the various input values from user’s input. The...
Critical | Unreviewed | CVE-2021-26617 was published | Feb 26, 2022

Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical | CVE-2022-24711 was published for codeigniter4/framework (Composer) | Mar 1, 2022

Remote shell execution vulnerability in image_processing
Critical | CVE-2022-24720 was published for image_processing (RubyGems) | Mar 1, 2022

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7...
Critical | Unreviewed | CVE-2021-32586 was published | Mar 2, 2022

In certain situations it is possible for an unmanaged rule to exist on the target system that has...
Critical | Unreviewed | CVE-2022-0675 was published | Mar 3, 2022

Leading white space bypasses protocol validation
Moderate | CVE-2022-24723 was published for urijs (npm) | Mar 3, 2022

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very...
High | Unreviewed | CVE-2021-23192 was published | Mar 4, 2022

Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
Moderate | CVE-2022-26336 was published for org.apache.poi:poi-scratchpad (Maven) | Mar 5, 2022

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass...
Moderate | Unreviewed | CVE-2021-38910 was published | Mar 11, 2022

ProTip! Advisories are also available from the GraphQL API