GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,992
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,056
Pub: 12
RubyGems: 955
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
917 advisories
Arbitrary PHP code execution in Drupal
Critical
CVE-2019-6339 was published for drupal/core (Composer) Jan 6, 2022
Apache Solr Improper Input Validation and Path Traversal
Critical
CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of...
Critical
Unreviewed
CVE-2021-37116 was published Jan 4, 2022
Remote Code Execution in npm-groovy-lint
Critical
GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) Dec 20, 2021
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
Critical
Unreviewed
CVE-2021-41844 was published Dec 16, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute...
Critical
Unreviewed
CVE-2021-39065 was published Dec 14, 2021
Remote code injection in Log4j
Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of...
Critical
Unreviewed
CVE-2021-37041 was published Dec 8, 2021
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of...
Critical
Unreviewed
CVE-2021-37042 was published Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation...
Critical
Unreviewed
CVE-2021-37020 was published Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation...
Critical
Unreviewed
CVE-2021-37021 was published Dec 8, 2021
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation...
Critical
Unreviewed
CVE-2021-37079 was published Dec 8, 2021
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation...
Critical
Unreviewed
CVE-2021-37084 was published Dec 8, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in...
Critical
Unreviewed
CVE-2021-43033 was published Dec 7, 2021
An improper input validation leading to arbitrary file creation was discovered in copy method of...
Critical
Unreviewed
CVE-2021-26612 was published Dec 1, 2021
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943 was published for moodle/moodle (Composer) Nov 23, 2021
Policies not properly enforced in OWASP Java HTML Sanitizer
Critical
CVE-2021-42575 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) Oct 19, 2021
Improper path validation in elFinder.NetCore
Critical
CVE-2021-23427 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Improper Input Validation in renderdoc
Critical
CVE-2019-16142 was published for renderdoc (Rust) Aug 25, 2021
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021
Improper Input Validation in HashiCorp Vault
Critical
CVE-2020-12757 was published for github.com/hashicorp/vault-plugin-secrets-gcp (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API.