Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

780 advisories

Loading
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability... Critical Unreviewed
CVE-2021-44978 was published Feb 9, 2022
Remote code execution in Apache ActiveMQ Critical
CVE-2020-11998 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
Remote code execution in Apache Struts Critical
CVE-2020-17530 was published for org.apache.struts:struts2-core (Maven) Feb 9, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical
CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-23389 was published Feb 15, 2022
Gitea Remote Code Execution (RCE) Critical
CVE-2018-18926 was published for code.gitea.io/gitea (Go) Feb 15, 2022
There is a logic bypass vulnerability in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22430 was published Feb 26, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4 Critical
CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022
iRedds
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured Critical
CVE-2022-22947 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Mar 4, 2022
jbmagination
Code Injection in PyTorch Lightning Critical
CVE-2022-0845 was published for pytorch-lightning (pip) Mar 6, 2022
oliverchang
Possible code injection vulnerability in Rails / Active Storage Critical
CVE-2022-21831 was published for activestorage (RubyGems) Mar 8, 2022
sergey-alekseev
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow... Critical Unreviewed
CVE-2021-25003 was published Mar 15, 2022
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for... Critical Unreviewed
CVE-2020-15591 was published Mar 18, 2022
Code injection in Apache Dubbo Critical
CVE-2021-30181 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Code injection in Apache Dubbo Critical
CVE-2021-30180 was published for org.apache.dubbo:dubbo (Maven) Mar 18, 2022
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Critical Unreviewed
CVE-2022-25578 was published Mar 20, 2022
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to... Critical Unreviewed
CVE-2022-26174 was published Mar 23, 2022
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name... Critical Unreviewed
CVE-2021-26622 was published Mar 26, 2022
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute... Critical Unreviewed
CVE-2022-26272 was published Mar 26, 2022
Code Injection in PHPUnit Critical
CVE-2017-9841 was published for phpunit/phpunit (Composer) Mar 26, 2022
donatj
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a... Critical Unreviewed
CVE-2022-26198 was published Mar 28, 2022
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2022-26205 was published Mar 28, 2022
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload... Critical Unreviewed
CVE-2022-26255 was published Mar 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database