GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,054 advisories
Filter by severity
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Command injection in czproject/git-php
High
CVE-2022-25866
was published
for
czproject/git-php
(Composer)
Apr 26, 2022
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
High
Unreviewed
CVE-2020-8644
was published
May 24, 2022
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate
Unreviewed
CVE-2021-42117
was published
Dec 1, 2021
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
High
CVE-2020-7596
was published
for
codecov
(npm)
May 24, 2022
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch
Critical
CVE-2022-36084
was published
for
cruddl
(npm)
Sep 16, 2022
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an...
High
Unreviewed
CVE-2020-17496
was published
May 24, 2022
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious...
Moderate
Unreviewed
CVE-2021-29416
was published
May 24, 2022
http before 0.13.3 vulnerable to header injection
Moderate
CVE-2020-35669
was published
for
http
(Pub)
May 24, 2022
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME...
High
Unreviewed
CVE-2020-5323
was published
May 24, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical
Unreviewed
CVE-2021-26084
was published
May 24, 2022
Code injection in MCMS
Critical
CVE-2022-30506
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to...
High
Unreviewed
CVE-2020-23148
was published
May 24, 2022
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon...
High
Unreviewed
CVE-2021-39128
was published
May 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local...
Critical
Unreviewed
CVE-2022-32269
was published
Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical
Unreviewed
CVE-2022-26134
was published
Jun 4, 2022
Server-Side Request Forgery in Jodd HTTP
High
CVE-2022-29631
was published
for
org.jodd:jodd-http
(Maven)
Jun 7, 2022
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges...
High
Unreviewed
CVE-2020-18875
was published
May 24, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14...
High
Unreviewed
CVE-2021-30653
was published
May 24, 2022
Code injection via SVG file in convert-svg-core
High
CVE-2022-24429
was published
for
convert-svg-core
(npm)
Jun 11, 2022
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation...
Moderate
Unreviewed
CVE-2021-42663
was published
May 24, 2022
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection...
High
Unreviewed
CVE-2020-23050
was published
May 24, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'...
High
Unreviewed
CVE-2022-43932
was published
Jan 5, 2023
ProTip!
Advisories are also available from the
GraphQL API