GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
10,603 advisories
Filter by severity
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows...
High
Unreviewed
CVE-2022-27826
was published
Apr 12, 2022
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1...
High
Unreviewed
CVE-2022-27829
was published
Apr 12, 2022
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers...
High
Unreviewed
CVE-2022-27830
was published
Apr 12, 2022
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory...
High
Unreviewed
CVE-2022-27835
was published
Apr 12, 2022
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to...
Moderate
Unreviewed
CVE-2022-25595
was published
Apr 8, 2022
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2...
Moderate
Unreviewed
CVE-2020-29013
was published
Apr 7, 2022
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for...
Moderate
Unreviewed
CVE-2022-20784
was published
Apr 7, 2022
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758...
Moderate
Unreviewed
CVE-2022-0455
was published
Apr 6, 2022
Incorrect protocol extraction via \r, \n and \t characters
High
CVE-2022-1243
was published
for
urijs
(npm)
Apr 6, 2022
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control...
High
Unreviewed
CVE-2021-22277
was published
Apr 3, 2022
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus....
High
Unreviewed
CVE-2021-26624
was published
Apr 3, 2022
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware...
Critical
Unreviewed
CVE-2021-32974
was published
Apr 3, 2022
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O...
High
Unreviewed
CVE-2021-32970
was published
Apr 3, 2022
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed...
High
Unreviewed
CVE-2022-0741
was published
Apr 3, 2022
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software...
High
Unreviewed
CVE-2022-24299
was published
Apr 1, 2022
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain...
Moderate
Unreviewed
CVE-2022-22311
was published
Apr 1, 2022
In Messaging, there is a possible way to bypass attachment restrictions due to improper input...
Moderate
Unreviewed
CVE-2021-39740
was published
Mar 31, 2022
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to...
High
Unreviewed
CVE-2021-39771
was published
Mar 31, 2022
In Settings, there is a possible way to make the user enable WiFi due to improper input...
High
Unreviewed
CVE-2021-39763
was published
Mar 31, 2022
In Settings, there is a possible way to display an incorrect app name due to improper input...
High
Unreviewed
CVE-2021-39764
was published
Mar 31, 2022
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the...
Critical
Unreviewed
CVE-2022-25757
was published
Mar 29, 2022
Improper Input Validation in GoGo Protobuf
High
CVE-2021-3121
was published
for
github.com/gogo/protobuf
(Go)
Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High
CVE-2022-0415
was published
for
gogs.io/gogs
(Go)
Mar 28, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical
CVE-2020-13756
was published
for
sabberworm/php-css-parser
(Composer)
Mar 26, 2022
FormField with square brackets in field name skips validation
Moderate
CVE-2020-26138
was published
for
silverstripe/framework
(Composer)
Mar 26, 2022
ProTip!
Advisories are also available from the
GraphQL API