Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,873
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,964 advisories

Loading
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders... High Unreviewed
CVE-2022-28345 was published Apr 16, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the... Moderate Unreviewed
CVE-2021-22055 was published Apr 12, 2022
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted... Critical Unreviewed
CVE-2020-20601 was published Dec 24, 2021
A vulnerability classified as critical was found in School Club Application System 1.0. This... Critical Unreviewed
CVE-2022-1287 was published Apr 10, 2022
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction... High Unreviewed
CVE-2021-43097 was published Mar 30, 2022
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This... Critical Unreviewed
CVE-2022-25420 was published Mar 30, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14... Moderate Unreviewed
CVE-2021-39910 was published Dec 14, 2021
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37040 was published Dec 9, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious... Moderate Unreviewed
CVE-2021-43441 was published Dec 21, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely Critical Unreviewed
CVE-2021-43439 was published Dec 21, 2021
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -... Critical Unreviewed
CVE-2021-44042 was published Dec 15, 2021
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Moderate Unreviewed
CVE-2021-43961 was published Mar 19, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop... High Unreviewed
CVE-2021-44537 was published Jan 16, 2022
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Command injection in simple-git High
CVE-2022-24433 was published for simple-git (npm) Mar 12, 2022
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14... Critical Unreviewed
CVE-2015-10062 was published Jan 17, 2023
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Null Byte Injection in Plug.Static High
CVE-2017-1000052 was published for plug (Erlang) Apr 12, 2022
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection') High
CVE-2019-17513 was published for io.ratpack:ratpack-core (Maven) Oct 21, 2019
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021
boardhead wbowling
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database