GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,117 advisories
The absence of filters when loading some sections in the web application of the vulnerable device...
High, Unreviewed. CVE-2022-24915 was published on Mar 11, 2022

Improper Neutralization of Special Elements Used in a Template Engine in microweber
High. CVE-2022-0896 was published for microweber/microweber (Composer) on Mar 10, 2022

This issue exists to document that a security improvement in the way that Jira Server and Data...
High, Unreviewed. CVE-2021-43944 was published on Mar 9, 2022

Possible code injection vulnerability in Rails / Active Storage
Critical. CVE-2022-21831 was published for activestorage (RubyGems) on Mar 8, 2022

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to...
High, Unreviewed. CVE-2022-0440 was published on Mar 8, 2022

Code Injection in PyTorch Lightning
Critical. CVE-2022-0845 was published for pytorch-lightning (pip) on Mar 6, 2022

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is...
High, Unreviewed. CVE-2022-22909 was published on Mar 4, 2022

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Critical. CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven) on Mar 4, 2022

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to...
High, Unreviewed. CVE-2021-41282 was published on Mar 3, 2022

Code injection in dolibarr/dolibarr
High. CVE-2022-0819 was published for dolibarr/dolibarr (Composer) on Mar 3, 2022

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code...
High, Unreviewed. CVE-2022-25018 was published on Mar 2, 2022

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
High, Unreviewed. CVE-2021-44238 was published on Mar 2, 2022

Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical. CVE-2022-24711 was published for codeigniter4/framework (Composer) on Mar 1, 2022

There is a code injection vulnerability in smartphones. Successful exploitation of this...
High, Unreviewed. CVE-2021-22395 was published on Feb 26, 2022

There is a logic bypass vulnerability in smartphones. Successful exploitation of this...
Critical, Unreviewed. CVE-2021-22430 was published on Feb 26, 2022

Template injection (Improper Neutralization of Special Elements Used in a Template Engine)...
Moderate, Unreviewed. CVE-2022-23810 was published on Feb 25, 2022

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via...
High, Unreviewed. CVE-2022-24664 was published on Feb 17, 2022

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via...
High, Unreviewed. CVE-2022-24663 was published on Feb 17, 2022

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a...
High, Unreviewed. CVE-2022-24665 was published on Feb 17, 2022

Gitea Remote Code Execution
High. CVE-2019-11229 was published for github.com/go-gitea/gitea (Go) on Feb 15, 2022

Gitea Remote Code Execution (RCE)
Critical. CVE-2018-18926 was published for code.gitea.io/gitea (Go) on Feb 15, 2022

Git LFS can execute a Git binary from the current directory on Windows
High. CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) on Feb 15, 2022

PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical, Unreviewed. CVE-2022-23389 was published on Feb 15, 2022

Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical. CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) on Feb 12, 2022

Insecure template handling in Express-handlebars
High. CVE-2021-32820 was published for express-handlebars (npm) on Feb 10, 2022