Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Server-Side Template Injection in formio Critical
CVE-2020-28246 was published for formio (npm) Jun 3, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
Ansible Code Injection Vulnerability Critical
CVE-2014-4678 was published for ansible (pip) May 24, 2022
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. Critical Unreviewed
CVE-2021-43185 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... Critical Unreviewed
CVE-2021-38458 was published May 24, 2022
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote... Critical Unreviewed
CVE-2021-41392 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36022 was published May 24, 2022
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote... Critical Unreviewed
CVE-2021-20509 was published May 24, 2022
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that... Critical Unreviewed
CVE-2021-22910 was published May 24, 2022
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an... Critical Unreviewed
CVE-2021-3169 was published May 24, 2022
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to... Critical Unreviewed
CVE-2021-20736 was published May 24, 2022
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host... Critical Unreviewed
CVE-2018-25016 was published May 24, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness... Critical Unreviewed
CVE-2021-0268 was published May 24, 2022
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request... Critical Unreviewed
CVE-2021-27730 was published May 24, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in... Critical Unreviewed
CVE-2021-27132 was published May 24, 2022
CITSmart before 9.1.2.23 allows LDAP Injection. Critical Unreviewed
CVE-2020-35775 was published May 24, 2022
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can... Critical Unreviewed
CVE-2020-25094 was published May 24, 2022
IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote... Critical Unreviewed
CVE-2020-4627 was published May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in... Critical Unreviewed
CVE-2019-19874 was published May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader... Critical Unreviewed
CVE-2019-19872 was published May 24, 2022
A templateselect expression language injection remote code execution vulnerability was discovered... Critical Unreviewed
CVE-2020-7172 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database