Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

124 advisories

Loading
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14... Critical Unreviewed
CVE-2015-10062 was published Jan 17, 2023
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -... Critical Unreviewed
CVE-2021-44042 was published Dec 15, 2021
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely Critical Unreviewed
CVE-2021-43439 was published Dec 21, 2021
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37040 was published Dec 9, 2021
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This... Critical Unreviewed
CVE-2022-25420 was published Mar 30, 2022
A vulnerability classified as critical was found in School Club Application System 1.0. This... Critical Unreviewed
CVE-2022-1287 was published Apr 10, 2022
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted... Critical Unreviewed
CVE-2020-20601 was published Dec 24, 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local... Critical Unreviewed
CVE-2022-32269 was published Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness... Critical Unreviewed
CVE-2021-0268 was published May 24, 2022
There is an object injection vulnerability in swfupload plugin for wordpress. Critical Unreviewed
CVE-2013-4144 was published Jul 1, 2022
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0... Critical Unreviewed
CVE-2016-1155 was published May 17, 2022
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is... Critical Unreviewed
CVE-2022-34914 was published Jul 9, 2022
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as... Critical Unreviewed
CVE-2016-15004 was published Jul 24, 2022
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. Critical Unreviewed
CVE-2022-40434 was published Dec 20, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to... Critical Unreviewed
CVE-2022-3236 was published Sep 25, 2022
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53... Critical Unreviewed
CVE-2021-44530 was published Jan 15, 2022
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP.... Critical Unreviewed
CVE-2015-10027 was published Jan 7, 2023
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2019-2725 was published May 24, 2022
There was a server-side template injection vulnerability in Jira Server and Data Center, in the... Critical Unreviewed
CVE-2019-11581 was published May 24, 2022
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the... Critical Unreviewed
CVE-2022-4768 was published Dec 28, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36022 was published May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader... Critical Unreviewed
CVE-2019-19872 was published May 24, 2022
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can... Critical Unreviewed
CVE-2020-25094 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database