GitHub Advisory Database
A security vulnerability database covering CVEs and GitHub-originated security advisories for open source software.
Unreviewed advisories have not been assessed by GitHub for quality and are not used by the Dependabot service.
GitHub reviewed advisories by ecosystem (all reviewed: 5,000+)
  Composer         3,971
  Erlang              29
  GitHub Actions      16
  Go               1,752
  Maven            4,982
  npm              3,516
  NuGet              609
  pip              3,091
  Pub                 10
  RubyGems           833
  Rust               782
  Swift               34
Unreviewed advisories (all unreviewed): 5,000+
241,042 advisories in the database.
Recent advisories (identifier, severity, title, affected package and ecosystem where GitHub reviewed)

Published Feb 5, 2022
  CVE-2021-23470  High      Prototype Pollution in putil-merge  [putil-merge (npm)]
  CVE-2021-46320  High      Improper Initialization in OpenZeppelin  [@openzeppelin/contracts (npm)]
  CVE-2021-46398  High      Cross-Site Request Forgery in Filebrowser  [github.com/filebrowser/filebrowser/v2 (Go)]
  CVE-2021-45742  Critical  Unreviewed: TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability...
  CVE-2021-45738  Critical  Unreviewed: TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection...
  CVE-2021-45740  Critical  Unreviewed: TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the...
  CVE-2021-45739  High      Unreviewed: TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the...
  CVE-2021-45741  High      Unreviewed: TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function...
  CVE-2021-45733  Critical  Unreviewed: TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection...
  CVE-2021-45735  High      Unreviewed: TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication...
  CVE-2021-45737  High      Unreviewed: TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the...
  CVE-2021-45734  High      Unreviewed: TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function...
  CVE-2021-45736  High      Unreviewed: TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function...

Published Feb 6, 2022
  CVE-2022-0501   Moderate  Cross-site Scripting in Beanstalk console  [ptrofimov/beanstalk_console (Composer)]
  CVE-2022-23913  High      Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)  [org.apache.activemq:artemis-core-client (Maven)]
  CVE-2022-22724  High      Unreviewed: A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of...
  CVE-2022-0227   Moderate  Business Logic Errors in SilverStripe Framework  [silverstripe/framework (Composer)]
  CVE-2021-36152  Critical  Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service  [org.apache.gobblin:gobblin-core (Maven)]
  CVE-2022-0472   Moderate  Unrestricted Upload of File with Dangerous Type in jsdecena/laracom  [jsdecena/laracom (Composer)]
  CVE-2021-36151  Moderate  Hadoop token in temp file visible to all users in Apache Gobblin  [org.apache.gobblin:gobblin-core (Maven)]

Published Feb 7, 2022
  CVE-2022-23206  High      Server-Side Request Forgery in Apache Traffic Control  [github.com/apache/trafficcontrol (Go)]
  CVE-2022-0502   Moderate  Cross-site Scripting in LiveHelperChat  [remdex/livehelperchat (Composer)]
  CVE-2022-24348  High      Path traversal and dereference of symlinks in Argo CD  [github.com/argoproj/argo-cd (Go)]
  CVE-2022-23600  Moderate  Limited ability to spoof SAML authentication with missing audience verification in Fleet  [github.com/fleetdm/fleet/v4 (Go)]
ProTip: advisories are also available from the GraphQL API.
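The listing above can be reproduced programmatically. The script below is an added example, not code from GitHub or from this page: it builds a `securityAdvisories` GraphQL query that asks for the same fields the listing shows (identifier, severity, summary, affected package and ecosystem, publication date), flattens the response into one record per advisory, and filters by a minimum severity or by ecosystem. The query shape follows GitHub's public GraphQL schema as the author of this example understands it and should be checked against the current schema documentation before use. `SAMPLE_RESPONSE` is constructed to mirror three reviewed entries on the page so the parsing runs offline; its GHSA ids are placeholders, not real advisory ids.

```python
"""Pull recent GitHub Advisory Database entries over the GraphQL API.

Added example, not code from GitHub or the advisory page. Query shape is the
author's reading of the public schema (verify at docs.github.com/graphql).
SAMPLE_RESPONSE is constructed; GHSA ids in it are placeholders.
"""
import json
import os
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"

# Newest advisories first, with the fields the listing page displays.
QUERY = """
query RecentAdvisories($first: Int!) {
  securityAdvisories(first: $first,
                     orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    nodes {
      ghsaId
      summary
      severity
      publishedAt
      identifiers { type value }
      vulnerabilities(first: 10) { nodes { package { ecosystem name } } }
    }
  }
}
"""

SEVERITY_RANK = {"LOW": 0, "MODERATE": 1, "HIGH": 2, "CRITICAL": 3}

# Constructed sample in the endpoint's response shape (not captured from the API).
SAMPLE_RESPONSE = {"data": {"securityAdvisories": {"nodes": [
    {"ghsaId": "GHSA-PLACEHOLDER-1", "severity": "HIGH",
     "summary": "Prototype Pollution in putil-merge",
     "publishedAt": "2022-02-05T00:00:00Z",
     "identifiers": [{"type": "GHSA", "value": "GHSA-PLACEHOLDER-1"},
                     {"type": "CVE", "value": "CVE-2021-23470"}],
     "vulnerabilities": {"nodes": [
         {"package": {"ecosystem": "NPM", "name": "putil-merge"}}]}},
    {"ghsaId": "GHSA-PLACEHOLDER-2", "severity": "MODERATE",
     "summary": "Cross-site Scripting in Beanstalk console",
     "publishedAt": "2022-02-06T00:00:00Z",
     "identifiers": [{"type": "GHSA", "value": "GHSA-PLACEHOLDER-2"},
                     {"type": "CVE", "value": "CVE-2022-0501"}],
     "vulnerabilities": {"nodes": [
         {"package": {"ecosystem": "COMPOSER", "name": "ptrofimov/beanstalk_console"}}]}},
    {"ghsaId": "GHSA-PLACEHOLDER-3", "severity": "HIGH",
     "summary": "Path traversal and dereference of symlinks in Argo CD",
     "publishedAt": "2022-02-07T00:00:00Z",
     "identifiers": [{"type": "GHSA", "value": "GHSA-PLACEHOLDER-3"},
                     {"type": "CVE", "value": "CVE-2022-24348"}],
     "vulnerabilities": {"nodes": [
         {"package": {"ecosystem": "GO", "name": "github.com/argoproj/argo-cd"}}]}},
]}}}


def cve_of(node):
    """CVE id of an advisory node, or None when it only carries a GHSA id."""
    for ident in node.get("identifiers", []):
        if ident.get("type") == "CVE":
            return ident["value"]
    return None


def normalize(response):
    """Flatten the GraphQL payload into one dict per advisory (listing-style fields)."""
    entries = []
    for node in response["data"]["securityAdvisories"]["nodes"]:
        packages = [(v["package"]["ecosystem"], v["package"]["name"])
                    for v in node.get("vulnerabilities", {}).get("nodes", [])]
        entries.append({"ghsa": node["ghsaId"], "cve": cve_of(node),
                        "summary": node["summary"], "severity": node["severity"],
                        "published": node["publishedAt"][:10], "packages": packages})
    return entries


def filter_by_severity(entries, minimum):
    """Keep advisories rated at or above `minimum` (LOW, MODERATE, HIGH, CRITICAL)."""
    floor = SEVERITY_RANK[minimum]
    return [e for e in entries if SEVERITY_RANK.get(e["severity"], -1) >= floor]


def affected_packages(entries, ecosystem):
    """Set of package names affected within one ecosystem, e.g. "NPM" or "GO"."""
    return {name for e in entries for eco, name in e["packages"] if eco == ecosystem}


def fetch_advisories(first=20, token=None):
    """Run QUERY against the live endpoint; GraphQL requires an authenticated token."""
    token = token or os.environ.get("GITHUB_TOKEN")
    if not token:
        raise RuntimeError("set GITHUB_TOKEN: the GraphQL endpoint rejects anonymous calls")
    body = json.dumps({"query": QUERY, "variables": {"first": first}}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=body, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json",
        "User-Agent": "advisory-example"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        payload = json.load(resp)
    if "errors" in payload:  # schema drift or auth failure is reported here, not as HTTP 4xx
        raise RuntimeError(payload["errors"])
    return normalize(payload)


if __name__ == "__main__":
    # Offline run over the constructed sample; call fetch_advisories() for live data.
    for e in filter_by_severity(normalize(SAMPLE_RESPONSE), "HIGH"):
        print(e["cve"], e["severity"], e["summary"], e["packages"], e["published"])
```

Two practical points: the GraphQL endpoint returns schema mismatches and authorization failures inside an `errors` array with HTTP 200, so the script checks for that key rather than trusting the status code; and advisories that have no CVE are still real entries (they carry only a GHSA id), which is why `cve` is allowed to be `None` rather than skipping the record.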