GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
243,162 advisories
The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting...
Moderate | Unreviewed | CVE-2021-24686 was published Feb 2, 2022

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a...
High | Unreviewed | CVE-2021-46666 was published Feb 2, 2022

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE...
High | Unreviewed | CVE-2021-46662 was published Feb 2, 2022

Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
Moderate | Unreviewed | CVE-2022-23774 was published Feb 2, 2022

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
High | Unreviewed | CVE-2021-46667 was published Feb 2, 2022

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables...
High | Unreviewed | CVE-2021-46665 was published Feb 2, 2022

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value...
High | Unreviewed | CVE-2021-46664 was published Feb 2, 2022

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list...
High | Unreviewed | CVE-2021-46661 was published Feb 2, 2022

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
High | Unreviewed | CVE-2021-46663 was published Feb 2, 2022

Improper Input Validation in Apache Pulsar
Moderate | CVE-2021-41571 was published for org.apache.pulsar:pulsar (Maven) Feb 2, 2022

Potential proxy IP restriction bypass in Kubernetes
Low | CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022

pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High | CVE-2022-21724 was published for org.postgresql:postgresql (Maven) Feb 2, 2022

Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.
Moderate | Unreviewed | CVE-2022-0432 was published Feb 3, 2022

IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under...
Moderate | Unreviewed | CVE-2021-39021 was published Feb 3, 2022

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of...
High | Unreviewed | CVE-2022-22510 was published Feb 3, 2022

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows...
High | Unreviewed | CVE-2022-22509 was published Feb 3, 2022

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in...
High | Unreviewed | CVE-2021-42638 was published Feb 3, 2022

IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session...
High | Unreviewed | CVE-2021-39066 was published Feb 3, 2022

A improper neutralization of special elements used in an os command ('os command injection') in...
High | Unreviewed | CVE-2021-41018 was published Feb 3, 2022

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control...
Critical | Unreviewed | CVE-2021-39070 was published Feb 3, 2022

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could...
High | Unreviewed | CVE-2021-39044 was published Feb 3, 2022

Prototype Pollution in @strikeentco/set
High | CVE-2021-23497 was published for @strikeentco/set (npm) Feb 5, 2022

Prototype Pollution in putil-merge
High | CVE-2021-23470 was published for putil-merge (npm) Feb 5, 2022
ProTip! Advisories are also available from the GraphQL API