GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,605
Erlang: 29
GitHub Actions: 16
Go: 1,697
Maven: 4,936
npm: 3,466
NuGet: 601
pip: 2,975
Pub: 10
RubyGems: 826
Rust: 767
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
10,351 advisories
Apache Solr Improper Input Validation and Path Traversal
Critical | CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) | Jan 6, 2022

Server-side request forgery (SSRF) in Apache Batik
High | CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) | Jan 6, 2022

Sandbox Bypass in Apache Velocity Engine
High | CVE-2020-13936 was published for org.apache.velocity:velocity (Maven) | Jan 6, 2022

Improper Validation and Sanitization in url-parse
Moderate | CVE-2020-8124 was published for url-parse (npm) | Jan 6, 2022

Incorrect sanitisation function leads to `XSS` in mermaid
High | CVE-2021-43861 was published for mermaid (npm) | Jan 6, 2022

Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical | GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) | Jan 6, 2022

In wifi driver, there is a possible system crash due to a missing validation check. This could...
Moderate | Unreviewed | CVE-2021-41789 was published | Jan 5, 2022

In vow driver, there is a possible memory corruption due to improper input validation. This could...
Moderate | Unreviewed | CVE-2022-20014 was published | Jan 5, 2022

Improper Input Validation and Injection in Apache Log4j2
Moderate | CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) | Jan 4, 2022

Improper validation of a socket state when socket events are being sent to clients can lead to...
High | Unreviewed | CVE-2021-30262 was published | Jan 4, 2022

Improper input validation in TrustZone memory transfer interface can lead to information...
Moderate | Unreviewed | CVE-2021-30278 was published | Jan 4, 2022

The programming function of Shockwall system has an improper input validation vulnerability. An...
Low | Unreviewed | CVE-2021-45916 was published | Jan 4, 2022

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing...
High | Unreviewed | CVE-2021-24893 was published | Jan 4, 2022

PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of...
Critical | Unreviewed | CVE-2021-37116 was published | Jan 4, 2022

ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency...
High | Unreviewed | CVE-2021-21751 was published | Dec 28, 2021

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does...
Moderate | Unreviewed | CVE-2021-43548 was published | Dec 28, 2021

MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle...
High | Unreviewed | CVE-2021-41788 was published | Dec 27, 2021

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker...
High | Unreviewed | CVE-2021-38015 was published | Dec 24, 2021

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote...
Moderate | Unreviewed | CVE-2021-4059 was published | Dec 24, 2021

Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a...
Moderate | Unreviewed | CVE-2021-4068 was published | Dec 24, 2021

In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.
High | Unreviewed | CVE-2021-45462 was published | Dec 24, 2021

Certain Starcharge products are affected by Improper Input Validation. The affected products...
High | Unreviewed | CVE-2021-45419 was published | Dec 23, 2021

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design...
High | Unreviewed | CVE-2021-44422 was published | Dec 22, 2021

Remote Code Execution in npm-groovy-lint
Critical | GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) | Dec 20, 2021

Denial of Service in OpenShift Origin
Moderate | CVE-2015-5250 was published for github.com/openshift/origin (Go) | Dec 20, 2021
ProTip! Advisories are also available from the GraphQL API.