GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
223 advisories
Filter by severity
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses...
Moderate
Unreviewed
CVE-2021-38372
was published
May 24, 2022
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.
Moderate
Unreviewed
CVE-2021-38370
was published
May 24, 2022
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS...
Moderate
Unreviewed
CVE-2020-15955
was published
May 24, 2022
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special...
Moderate
Unreviewed
CVE-2021-21595
was published
May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-40994
was published
May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-40995
was published
May 24, 2022
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker...
Moderate
Unreviewed
CVE-2021-26321
was published
May 24, 2022
sharp vulnerable to Command Injection in post-installation over build environment
Moderate
CVE-2022-29256
was published
for
sharp
(npm)
Jun 1, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS...
Moderate
Unreviewed
CVE-2022-20934
was published
Nov 16, 2022
Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php.
Moderate
Unreviewed
CVE-2022-42187
was published
Nov 17, 2022
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0...
Moderate
Unreviewed
CVE-2022-40765
was published
Nov 22, 2022
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39087
was published
Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39086
was published
Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39088
was published
Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39084
was published
Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39085
was published
Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39081
was published
Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39083
was published
Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of...
Moderate
Unreviewed
CVE-2022-39082
was published
Jan 4, 2023
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated...
Moderate
Unreviewed
CVE-2022-45095
was published
Feb 1, 2023
Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote...
Moderate
Unreviewed
CVE-2023-20075
was published
Mar 1, 2023
Command Injection in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.
Moderate
Unreviewed
CVE-2023-1270
was published
Mar 8, 2023
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier,...
Moderate
Unreviewed
CVE-2023-0978
was published
Mar 13, 2023
ProTip!
Advisories are also available from the
GraphQL API