Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

674 advisories

Loading
An improper input validation leading to arbitrary file creation was discovered in copy method of... Critical Unreviewed
CVE-2021-26612 was published Dec 1, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in... Critical Unreviewed
CVE-2021-43033 was published Dec 7, 2021
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37084 was published Dec 8, 2021
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37079 was published Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37021 was published Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37020 was published Dec 8, 2021
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of... Critical Unreviewed
CVE-2021-37042 was published Dec 8, 2021
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of... Critical Unreviewed
CVE-2021-37041 was published Dec 8, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute... Critical Unreviewed
CVE-2021-39065 was published Dec 14, 2021
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Critical Unreviewed
CVE-2021-41844 was published Dec 16, 2021
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of... Critical Unreviewed
CVE-2021-37116 was published Jan 4, 2022
Serv-U web login screen was allowing characters that were not sanitized by the authentication... Critical Unreviewed
CVE-2021-35247 was published Jan 11, 2022
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which... Critical Unreviewed
CVE-2021-44734 was published Jan 21, 2022
There is a vulnerability of unstrict input parameter verification in the audio assembly... Critical Unreviewed
CVE-2021-39997 was published Feb 11, 2022
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to... Critical Unreviewed
CVE-2022-23425 was published Feb 12, 2022
Improper Input Validation in SPIP Critical Unreviewed
CVE-2020-28984 was published Feb 15, 2022
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript... Critical Unreviewed
CVE-2021-3781 was published Feb 17, 2022
An improper input validation leading to arbitrary file creation was discovered in ToWord of... Critical Unreviewed
CVE-2021-26618 was published Feb 19, 2022
This issues due to insufficient verification of the various input values from user’s input. The... Critical Unreviewed
CVE-2021-26617 was published Feb 26, 2022
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7... Critical Unreviewed
CVE-2021-32586 was published Mar 2, 2022
In certain situations it is possible for an unmanaged rule to exist on the target system that has... Critical Unreviewed
CVE-2022-0675 was published Mar 3, 2022
SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a... Critical Unreviewed
CVE-2022-26100 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code... Critical Unreviewed
CVE-2021-42786 was published Mar 11, 2022
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-25498 was published Mar 16, 2022
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote... Critical Unreviewed
CVE-2022-27228 was published Mar 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database