Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

124 advisories

Loading
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37040 was published Dec 9, 2021
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -... Critical Unreviewed
CVE-2021-44042 was published Dec 15, 2021
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could... Critical Unreviewed
CVE-2021-45092 was published Dec 17, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely Critical Unreviewed
CVE-2021-43439 was published Dec 21, 2021
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted... Critical Unreviewed
CVE-2020-20601 was published Dec 24, 2021
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58... Critical Unreviewed
CVE-2021-45658 was published Dec 27, 2021
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53... Critical Unreviewed
CVE-2021-44530 was published Jan 15, 2022
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11... Critical Unreviewed
CVE-2022-0582 was published Feb 15, 2022
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item... Critical Unreviewed
CVE-2022-24300 was published Feb 15, 2022
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection)... Critical Unreviewed
CVE-2022-24442 was published Feb 26, 2022
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This... Critical Unreviewed
CVE-2022-25420 was published Mar 30, 2022
A vulnerability classified as critical was found in School Club Application System 1.0. This... Critical Unreviewed
CVE-2022-1287 was published Apr 10, 2022
TWiki allows arbitrary shell command execution via the Include function Critical Unreviewed
CVE-2005-3056 was published Apr 21, 2022
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP... Critical Unreviewed
CVE-2011-2717 was published Apr 22, 2022
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-27336 was published Apr 28, 2022
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote... Critical Unreviewed
CVE-2013-7070 was published May 5, 2022
A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo... Critical Unreviewed
CVE-2022-24039 was published May 11, 2022
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the... Critical Unreviewed
CVE-2018-3963 was published May 13, 2022
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/... Critical Unreviewed
CVE-2018-16763 was published May 13, 2022
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... Critical Unreviewed
CVE-2017-14094 was published May 13, 2022
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate... Critical Unreviewed
CVE-2017-7239 was published May 13, 2022
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and... Critical Unreviewed
CVE-2018-4995 was published May 13, 2022
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to... Critical Unreviewed
CVE-2017-1000493 was published May 14, 2022
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user... Critical Unreviewed
CVE-2019-8948 was published May 14, 2022
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users... Critical Unreviewed
CVE-2016-9832 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API