Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

4,643 advisories

Loading
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed... High Unreviewed
CVE-2022-0741 was published Apr 3, 2022
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control... High Unreviewed
CVE-2021-22277 was published Apr 3, 2022
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check.... High Unreviewed
CVE-2021-0673 was published Dec 18, 2021
In Settings, there is a possible way to display an incorrect app name due to improper input... High Unreviewed
CVE-2021-39764 was published Mar 31, 2022
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to... High Unreviewed
CVE-2021-39771 was published Mar 31, 2022
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software... High Unreviewed
CVE-2022-24299 was published Apr 1, 2022
In Settings, there is a possible way to make the user enable WiFi due to improper input... High Unreviewed
CVE-2021-39763 was published Mar 31, 2022
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix... High Unreviewed
CVE-2010-3491 was published May 17, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
This vulnerability can be exploited by parsing maliciously crafted project files with Horner... High Unreviewed
CVE-2021-44462 was published Mar 26, 2022
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial... High Unreviewed
CVE-2021-3422 was published Mar 26, 2022
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows... High Unreviewed
CVE-2021-44040 was published Mar 24, 2022
SolarWinds received a report of a vulnerability related to an input that was not sanitized in... High Unreviewed
CVE-2021-35254 was published Mar 26, 2022
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and... High Unreviewed
CVE-2022-22653 was published Mar 19, 2022
Path traversal in elFinder.NetCore High
CVE-2021-23428 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not... High Unreviewed
CVE-2010-4679 was published May 17, 2022
Regular Expression Denial-of-Service in npm schema-inspector High
CVE-2021-21267 was published for schema-inspector (npm) Mar 19, 2021
erik-krogh
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute... High Unreviewed
CVE-2011-0465 was published May 17, 2022
In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep... High Unreviewed
CVE-2021-39701 was published Mar 17, 2022
The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain... High Unreviewed
CVE-2016-9919 was published May 17, 2022
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an... High Unreviewed
CVE-2021-37150 was published Aug 11, 2022
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server... High Unreviewed
CVE-2022-28129 was published Aug 11, 2022
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database