Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,061
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,577 advisories

Loading
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian,... High Unreviewed
CVE-2022-0550 was published Mar 25, 2022
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of... Moderate Unreviewed
CVE-2022-21820 was published Mar 25, 2022
Improper Input Validation in guzzlehttp/psr7 Moderate
CVE-2022-24775 was published for guzzlehttp/psr7 (Composer) Mar 25, 2022
TimWolla GrahamCampbell
Credited to TimWolla and GrahamCampbell
This vulnerability can be exploited by parsing maliciously crafted project files with Horner... High Unreviewed
CVE-2021-44462 was published Mar 26, 2022
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this... High Unreviewed
CVE-2021-3567 was published Mar 26, 2022
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial... High Unreviewed
CVE-2021-3422 was published Mar 26, 2022
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name... Critical Unreviewed
CVE-2021-26622 was published Mar 26, 2022
SolarWinds received a report of a vulnerability related to an input that was not sanitized in... High Unreviewed
CVE-2021-35254 was published Mar 26, 2022
FormField with square brackets in field name skips validation Moderate
CVE-2020-26138 was published for silverstripe/framework (Composer) Mar 26, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() Critical
CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Credited to wuhan005
Improper Input Validation in GoGo Protobuf High
CVE-2021-3121 was published for github.com/gogo/protobuf (Go) Mar 28, 2022
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the... Critical Unreviewed
CVE-2022-25757 was published Mar 29, 2022
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to... High Unreviewed
CVE-2021-39771 was published Mar 31, 2022
In Settings, there is a possible way to display an incorrect app name due to improper input... High Unreviewed
CVE-2021-39764 was published Mar 31, 2022
In Settings, there is a possible way to make the user enable WiFi due to improper input... High Unreviewed
CVE-2021-39763 was published Mar 31, 2022
In Messaging, there is a possible way to bypass attachment restrictions due to improper input... Moderate Unreviewed
CVE-2021-39740 was published Mar 31, 2022
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain... Moderate Unreviewed
CVE-2022-22311 was published Apr 1, 2022
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software... High Unreviewed
CVE-2022-24299 was published Apr 1, 2022
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed... High Unreviewed
CVE-2022-0741 was published Apr 3, 2022
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware... Critical Unreviewed
CVE-2021-32974 was published Apr 3, 2022
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O... High Unreviewed
CVE-2021-32970 was published Apr 3, 2022
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus.... High Unreviewed
CVE-2021-26624 was published Apr 3, 2022
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control... High Unreviewed
CVE-2021-22277 was published Apr 3, 2022
Incorrect protocol extraction via \r, \n and \t characters High
CVE-2022-1243 was published for urijs (npm) Apr 6, 2022
Haxatron chrisbloom7
Credited to Haxatron and chrisbloom7
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database