GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
125 advisories
Filter by severity
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14...
Critical
Unreviewed
CVE-2015-10062
was published
Jan 17, 2023
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -...
Critical
Unreviewed
CVE-2021-44042
was published
Dec 15, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical
Unreviewed
CVE-2021-43439
was published
Dec 21, 2021
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37040
was published
Dec 9, 2021
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This...
Critical
Unreviewed
CVE-2022-25420
was published
Mar 30, 2022
A vulnerability classified as critical was found in School Club Application System 1.0. This...
Critical
Unreviewed
CVE-2022-1287
was published
Apr 10, 2022
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical
Unreviewed
CVE-2020-20601
was published
Dec 24, 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical
Unreviewed
CVE-2021-26084
was published
May 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local...
Critical
Unreviewed
CVE-2022-32269
was published
Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical
Unreviewed
CVE-2022-26134
was published
Jun 4, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness...
Critical
Unreviewed
CVE-2021-0268
was published
May 24, 2022
There is an object injection vulnerability in swfupload plugin for wordpress.
Critical
Unreviewed
CVE-2013-4144
was published
Jul 1, 2022
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0...
Critical
Unreviewed
CVE-2016-1155
was published
May 17, 2022
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is...
Critical
Unreviewed
CVE-2022-34914
was published
Jul 9, 2022
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as...
Critical
Unreviewed
CVE-2016-15004
was published
Jul 24, 2022
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.
Critical
Unreviewed
CVE-2022-40434
was published
Dec 20, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to...
Critical
Unreviewed
CVE-2022-3236
was published
Sep 25, 2022
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53...
Critical
Unreviewed
CVE-2021-44530
was published
Jan 15, 2022
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP....
Critical
Unreviewed
CVE-2015-10027
was published
Jan 7, 2023
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical
Unreviewed
CVE-2019-2725
was published
May 24, 2022
There was a server-side template injection vulnerability in Jira Server and Data Center, in the...
Critical
Unreviewed
CVE-2019-11581
was published
May 24, 2022
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the...
Critical
Unreviewed
CVE-2022-4768
was published
Dec 28, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical
Unreviewed
CVE-2021-36022
was published
May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader...
Critical
Unreviewed
CVE-2019-19872
was published
May 24, 2022
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can...
Critical
Unreviewed
CVE-2020-25094
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API