Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,054 advisories

Loading
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. High Unreviewed
CVE-2020-8644 was published May 24, 2022
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s... Moderate Unreviewed
CVE-2021-42117 was published Dec 1, 2021
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov High
CVE-2020-7596 was published for codecov (npm) May 24, 2022
mmcshinsky-bitgo
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch Critical
CVE-2022-36084 was published for cruddl (npm) Sep 16, 2022
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... High Unreviewed
CVE-2020-17496 was published May 24, 2022
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious... Moderate Unreviewed
CVE-2021-29416 was published May 24, 2022
http before 0.13.3 vulnerable to header injection Moderate
CVE-2020-35669 was published for http (Pub) May 24, 2022
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME... High Unreviewed
CVE-2020-5323 was published May 24, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to... High Unreviewed
CVE-2020-23148 was published May 24, 2022
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon... High Unreviewed
CVE-2021-39128 was published May 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local... Critical Unreviewed
CVE-2022-32269 was published Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Server-Side Request Forgery in Jodd HTTP High
CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges... High Unreviewed
CVE-2020-18875 was published May 24, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14... High Unreviewed
CVE-2021-30653 was published May 24, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation... Moderate Unreviewed
CVE-2021-42663 was published May 24, 2022
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection... High Unreviewed
CVE-2020-23050 was published May 24, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... High Unreviewed
CVE-2022-43932 was published Jan 5, 2023
ProTip! Advisories are also available from the GraphQL API