Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,508 advisories

Loading
Improper Input Validation and Injection in Apache Log4j2 Moderate
CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022
ppkarwasz Credited to ppkarwasz
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to... Moderate Unreviewed
CVE-2021-45818 was published Dec 31, 2021
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file Moderate Unreviewed
CVE-2021-4183 was published Dec 31, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious... Moderate Unreviewed
CVE-2021-43441 was published Dec 21, 2021
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim Credited to ewjoachim
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14... Moderate Unreviewed
CVE-2021-39910 was published Dec 14, 2021
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester Credited to pwntester
Header injection in nodemailer Moderate
CVE-2021-23400 was published for nodemailer (npm) Dec 10, 2021
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s... Moderate Unreviewed
CVE-2021-42117 was published Dec 1, 2021
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection... Moderate Unreviewed
CVE-2021-36322 was published Nov 21, 2021
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn Credited to hsblhsn and abdshaleh abdshaleh abdshaleh
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
CRLF injection in urllib3 Moderate
CVE-2020-26137 was published for urllib3 (pip) Jun 18, 2021
Command injection in Apache Flink Moderate
CVE-2020-1960 was published for org.apache.flink:flink-core (Maven) May 21, 2021
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV Credited to MR-ZHEEV
Injection in bodymen Moderate
CVE-2019-10792 was published for bodymen (npm) Apr 13, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters Moderate
CVE-2021-27908 was published for mautic/core (Composer) Apr 6, 2021
Gregy Credited to Gregy and fedys fedys fedys
HTML injection in email and account expiry notifications Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
Remote code execution via the `pretty` option. Moderate
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
Contao Insert tag injection in forms Moderate
CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
Remote Code Execution in Red Discord Bot Moderate
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
douglascdev Credited to douglascdev
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database