Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

243,162 advisories

Loading
The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting... Moderate Unreviewed
CVE-2021-24686 was published Feb 2, 2022
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a... High Unreviewed
CVE-2021-46666 was published Feb 2, 2022
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE... High Unreviewed
CVE-2021-46662 was published Feb 2, 2022
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. Moderate Unreviewed
CVE-2022-23774 was published Feb 2, 2022
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. High Unreviewed
CVE-2021-46667 was published Feb 2, 2022
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables... High Unreviewed
CVE-2021-46665 was published Feb 2, 2022
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value... High Unreviewed
CVE-2021-46664 was published Feb 2, 2022
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list... High Unreviewed
CVE-2021-46661 was published Feb 2, 2022
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. High Unreviewed
CVE-2021-46663 was published Feb 2, 2022
Improper Input Validation in Apache Pulsar Moderate
CVE-2021-41571 was published for org.apache.pulsar:pulsar (Maven) Feb 2, 2022
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes High
CVE-2022-21724 was published for org.postgresql:postgresql (Maven) Feb 2, 2022
iSafeBlue
Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. Moderate Unreviewed
CVE-2022-0432 was published Feb 3, 2022
IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under... Moderate Unreviewed
CVE-2021-39021 was published Feb 3, 2022
Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of... High Unreviewed
CVE-2022-22510 was published Feb 3, 2022
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows... High Unreviewed
CVE-2022-22509 was published Feb 3, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in... High Unreviewed
CVE-2021-42638 was published Feb 3, 2022
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session... High Unreviewed
CVE-2021-39066 was published Feb 3, 2022
A improper neutralization of special elements used in an os command ('os command injection') in... High Unreviewed
CVE-2021-41018 was published Feb 3, 2022
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control... Critical Unreviewed
CVE-2021-39070 was published Feb 3, 2022
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could... High Unreviewed
CVE-2021-39044 was published Feb 3, 2022
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Cross-site Scripting in Django Moderate
CVE-2022-22818 was published for django (pip) Feb 4, 2022
tdunlap607
Prototype Pollution in @strikeentco/set High
CVE-2021-23497 was published for @strikeentco/set (npm) Feb 5, 2022
Prototype Pollution in putil-merge High
CVE-2021-23470 was published for putil-merge (npm) Feb 5, 2022
ProTip! Advisories are also available from the GraphQL API