GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,274
Erlang: 31
GitHub Actions: 21
Go: 2,056
Maven: 5,000+
npm: 3,740
NuGet: 668
pip: 3,419
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

2,326 advisories

October/System authenticated file write leads to remote code execution
High, CVE-2021-32649 was published for october/system (Composer), Jan 14, 2022

october/system arbitrary code execution
High, CVE-2021-32650 was published for october/system (Composer), Jan 14, 2022

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution...
High, Unreviewed, CVE-2022-0130 was published Jan 15, 2022

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security...
High, Unreviewed, CVE-2022-23120 was published Jan 21, 2022

Code Injection in microweber
High, CVE-2022-0282 was published for microweber/microweber (Composer), Jan 21, 2022

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access...
High, Unreviewed, CVE-2022-23008 was published Jan 26, 2022

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail....
High, Unreviewed, CVE-2021-46114 was published Jan 27, 2022

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit...
High, Unreviewed, CVE-2021-46118 was published Jan 27, 2022

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit...
High, Unreviewed, CVE-2021-46117 was published Jan 27, 2022

Mustache remote code injection vulnerability
High, CVE-2022-0323 was published for mustache/mustache (Composer), Jan 27, 2022

Arbitrary Code Execution in Handlebars
High, CVE-2019-20920 was published for handlebars (npm), Feb 10, 2022

Insecure template handling in Express-handlebars
High, CVE-2021-32820 was published for express-handlebars (npm), Feb 10, 2022

Git LFS can execute a Git binary from the current directory on Windows
High, CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go), Feb 15, 2022

Gitea Remote Code Execution
High, CVE-2019-11229 was published for github.com/go-gitea/gitea (Go), Feb 15, 2022

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a...
High, Unreviewed, CVE-2022-24665 was published Feb 17, 2022

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via...
High, Unreviewed, CVE-2022-24663 was published Feb 17, 2022

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via...
High, Unreviewed, CVE-2022-24664 was published Feb 17, 2022

There is a code injection vulnerability in smartphones. Successful exploitation of this...
High, Unreviewed, CVE-2021-22395 was published Feb 26, 2022

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
High, Unreviewed, CVE-2021-44238 was published Mar 2, 2022

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code...
High, Unreviewed, CVE-2022-25018 was published Mar 2, 2022

Code injection in dolibarr/dolibarr
High, CVE-2022-0819 was published for dolibarr/dolibarr (Composer), Mar 3, 2022

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to...
High, Unreviewed, CVE-2021-41282 was published Mar 3, 2022

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is...
High, Unreviewed, CVE-2022-22909 was published Mar 4, 2022

ProTip! Advisories are also available from the GraphQL API