Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,605
Erlang
29
GitHub Actions
16
Go
1,697
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,351 advisories

Apache Solr Improper Input Validation and Path Traversal Critical
CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022
Server-side request forgery (SSRF) in Apache Batik High
CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) Jan 6, 2022
jkmartindale
Sandbox Bypass in Apache Velocity Engine High
CVE-2020-13936 was published for org.apache.velocity:velocity (Maven) Jan 6, 2022
Improper Validation and Sanitization in url-parse Moderate
CVE-2020-8124 was published for url-parse (npm) Jan 6, 2022
Incorrect sanitisation function leads to `XSS` in mermaid High
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
In wifi driver, there is a possible system crash due to a missing validation check. This could... Moderate Unreviewed
CVE-2021-41789 was published Jan 5, 2022
In vow driver, there is a possible memory corruption due to improper input validation. This could... Moderate Unreviewed
CVE-2022-20014 was published Jan 5, 2022
Improper Input Validation and Injection in Apache Log4j2 Moderate
CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022
Improper validation of a socket state when socket events are being sent to clients can lead to... High Unreviewed
CVE-2021-30262 was published Jan 4, 2022
Improper input validation in TrustZone memory transfer interface can lead to information... Moderate Unreviewed
CVE-2021-30278 was published Jan 4, 2022
The programming function of Shockwall system has an improper input validation vulnerability. An... Low Unreviewed
CVE-2021-45916 was published Jan 4, 2022
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing... High Unreviewed
CVE-2021-24893 was published Jan 4, 2022
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of... Critical Unreviewed
CVE-2021-37116 was published Jan 4, 2022
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency... High Unreviewed
CVE-2021-21751 was published Dec 28, 2021
Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does... Moderate Unreviewed
CVE-2021-43548 was published Dec 28, 2021
MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle... High Unreviewed
CVE-2021-41788 was published Dec 27, 2021
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker... High Unreviewed
CVE-2021-38015 was published Dec 24, 2021
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote... Moderate Unreviewed
CVE-2021-4059 was published Dec 24, 2021
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a... Moderate Unreviewed
CVE-2021-4068 was published Dec 24, 2021
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. High Unreviewed
CVE-2021-45462 was published Dec 24, 2021
Certain Starcharge products are affected by Improper Input Validation. The affected products... High Unreviewed
CVE-2021-45419 was published Dec 23, 2021
An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design... High Unreviewed
CVE-2021-44422 was published Dec 22, 2021
Remote Code Execution in npm-groovy-lint Critical
GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) Dec 20, 2021
Denial of Service in OpenShift Origin Moderate
CVE-2015-5250 was published for github.com/openshift/origin (Go) Dec 20, 2021
ProTip! Advisories are also available from the GraphQL API