Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,061 advisories

Loading
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28707 was published Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28704 was published Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28708 was published Nov 25, 2021
There is a command injection vulnerability in CMA service module of FusionCompute product when... High Unreviewed
CVE-2021-37102 was published Nov 24, 2021
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The ... High Unreviewed
CVE-2021-43557 was published Nov 23, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
Arbitrary command execution on Windows via qutebrowserurl: URL handler High
CVE-2021-41146 was published for qutebrowser (pip) Oct 22, 2021
Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
Remote Code Execution in Apache Dubbo High
CVE-2021-36162 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Bash command injection in Apache Zeppelin Critical
CVE-2019-10095 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
Command Injection in RaspAP 2.6.6 High
CVE-2021-38556 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
Command injection in mail agent settings High
CVE-2021-37708 was published for shopware/core (Composer) Aug 30, 2021
Data races in bunch High
CVE-2020-36450 was published for bunch (Rust) Aug 25, 2021
Data race in syncpool High
CVE-2020-36462 was published for syncpool (Rust) Aug 25, 2021
Data races in lexer High
CVE-2020-36458 was published for lexer (Rust) Aug 25, 2021
Data races in multiqueue High
CVE-2020-36463 was published for multiqueue (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API