GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem)
All reviewed: 5,000+
Composer: 4,090
Erlang: 29
GitHub Actions: 19
Go: 1,915
Maven: 5,000+
npm: 3,646
NuGet: 638
pip: 3,262
Pub: 10
RubyGems: 870
Rust: 821
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
124 advisories match the current filter (unreviewed, severity: Critical); the first 25 are listed below.
CVE-2021-26084 (Critical, Unreviewed, published May 24, 2022): In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
CVE-2021-43185 (Critical, Unreviewed, published May 24, 2022): JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
CVE-2021-38458 (Critical, Unreviewed, published May 24, 2022): A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
CVE-2021-41392 (Critical, Unreviewed, published May 24, 2022): static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote...
CVE-2021-36022 (Critical, Unreviewed, published May 24, 2022): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
CVE-2021-20509 (Critical, Unreviewed, published May 24, 2022): IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote...
CVE-2021-22910 (Critical, Unreviewed, published May 24, 2022): A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that...
CVE-2021-3169 (Critical, Unreviewed, published May 24, 2022): An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an...
CVE-2021-20736 (Critical, Unreviewed, published May 24, 2022): NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to...
CVE-2018-25016 (Critical, Unreviewed, published May 24, 2022): Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host...
CVE-2021-0268 (Critical, Unreviewed, published May 24, 2022): An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness...
CVE-2021-27730 (Critical, Unreviewed, published May 24, 2022): Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request...
CVE-2021-27132 (Critical, Unreviewed, published May 24, 2022): SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in...
CVE-2020-35775 (Critical, Unreviewed, published May 24, 2022): CITSmart before 9.1.2.23 allows LDAP Injection.
CVE-2020-25094 (Critical, Unreviewed, published May 24, 2022): LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can...
CVE-2020-4627 (Critical, Unreviewed, published May 24, 2022): IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote...
CVE-2019-19874 (Critical, Unreviewed, published May 24, 2022): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in...
CVE-2019-19872 (Critical, Unreviewed, published May 24, 2022): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader...
CVE-2020-7172 (Critical, Unreviewed, published May 24, 2022): A templateselect expression language injection remote code execution vulnerability was discovered...
CVE-2020-7171 (Critical, Unreviewed, published May 24, 2022): A guidatadetail expression language injection remote code execution vulnerability was discovered...
CVE-2020-15348 (Critical, Unreviewed, published May 24, 2022): Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager...
CVE-2020-5505 (Critical, Unreviewed, published May 24, 2022): Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64...
CVE-2019-19330 (Critical, Unreviewed, published May 24, 2022): The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by...
CVE-2019-9535 (Critical, Unreviewed, published May 24, 2022): A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may...
CVE-2017-18583 (Critical, Unreviewed, published May 24, 2022): The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
Advisories are also available from the GraphQL API.