Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,770
NuGet
680
pip
3,458
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,363 advisories

Loading
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to... High Unreviewed
CVE-2022-0440 was published Mar 8, 2022
This issue exists to document that a security improvement in the way that Jira Server and Data... High Unreviewed
CVE-2021-43944 was published Mar 9, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber High
CVE-2022-0896 was published for microweber/microweber (Composer) Mar 10, 2022
The absence of filters when loading some sections in the web application of the vulnerable device... High Unreviewed
CVE-2022-24915 was published Mar 11, 2022
The absence of filters when loading some sections in the web application of the vulnerable device... High Unreviewed
CVE-2022-22985 was published Mar 11, 2022
Static Code Injection in Microweber High
CVE-2022-0895 was published for microweber/microweber (Composer) Mar 11, 2022
Server-side Template Injection in nystudio107/craft-seomatic High
CVE-2021-44618 was published for nystudio107/craft-seomatic (Composer) Mar 12, 2022
Code Injection in CRI-O High
CVE-2022-0811 was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad... High Unreviewed
CVE-2022-0944 was published Mar 16, 2022
Code injection in accesslog High
CVE-2022-25760 was published for accesslog (npm) Mar 18, 2022
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434... High Unreviewed
CVE-2020-25197 was published Mar 19, 2022
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is... High Unreviewed
CVE-2022-0687 was published Mar 22, 2022
Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who... High Unreviewed
CVE-2022-1159 was published Apr 3, 2022
In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious... High Unreviewed
CVE-2021-39908 was published Apr 3, 2022
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute... High Unreviewed
CVE-2022-26982 was published Apr 6, 2022
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account... High Unreviewed
CVE-2021-39114 was published Apr 6, 2022
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13... High Unreviewed
CVE-2022-27427 was published Apr 16, 2022
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the... High Unreviewed
CVE-2022-0661 was published Apr 19, 2022
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. High Unreviewed
CVE-2011-1830 was published Apr 22, 2022
Missing input validation can lead to command execution in composer High
CVE-2022-24828 was published for composer/composer (Composer) Apr 22, 2022
thomas-chauchefoin-sonarsource
A vulnerability was reported in Lenovo System Update that could allow a local user with... High Unreviewed
CVE-2022-0354 was published Apr 23, 2022
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation... High Unreviewed
CVE-2022-29819 was published Apr 29, 2022
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation... High Unreviewed
CVE-2022-29821 was published Apr 29, 2022
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom... High Unreviewed
CVE-2022-29814 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database