GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
137,193 advisories
Unrestricted file upload leads to stored cross-site scripting in Microweber
Moderate. CVE-2022-0906 was published for microweber/microweber (Composer) Mar 11, 2022

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam...
Moderate, Unreviewed. CVE-2021-32434 was published Mar 11, 2022

In connsyslogger, there is a possible symbolic link following due to improper link resolution....
Moderate, Unreviewed. CVE-2022-20050 was published Mar 11, 2022

The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a...
Moderate, Unreviewed. CVE-2021-44421 was published Mar 11, 2022

It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS)...
Moderate, Unreviewed. CVE-2021-42856 was published Mar 11, 2022

A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s...
Moderate, Unreviewed. CVE-2021-33851 was published Mar 11, 2022

Unrestricted Upload of File with Dangerous Type in Microweber
Moderate. CVE-2022-0921 was published for microweber/microweber (Composer) Mar 12, 2022

SAS Logon Manager v9.4 was discovered to contain a vulnerability in the web UI which would allow...
Moderate, Unreviewed. CVE-2021-42186 was published Mar 11, 2022

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Moderate, Unreviewed. CVE-2021-42857 was published Mar 11, 2022

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could...
Moderate, Unreviewed. CVE-2022-24323 was published Mar 11, 2022

Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of...
Moderate, Unreviewed. CVE-2022-24090 was published Mar 12, 2022

Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged...
Moderate, Unreviewed. CVE-2021-32009 was published Mar 12, 2022

Ericsson Network Manager 20.2 has Insecure Permissions.
Moderate, Unreviewed. CVE-2021-28488 was published Mar 11, 2022

Improper Input Validation in url-js
Moderate. CVE-2022-25839 was published for url-js (npm) Mar 12, 2022

Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in...
Moderate, Unreviewed. CVE-2021-32005 was published Mar 11, 2022

Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile...
Moderate, Unreviewed. CVE-2021-34341 was published Mar 11, 2022

A cross-site scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s...
Moderate, Unreviewed. CVE-2021-33852 was published Mar 11, 2022

Sensitive information could be displayed when a detailed technical error message is posted. This...
Moderate, Unreviewed. CVE-2021-35251 was published Mar 11, 2022

Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c...
Moderate, Unreviewed. CVE-2021-34342 was published Mar 11, 2022

Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by...
Moderate, Unreviewed. CVE-2020-14112 was published Mar 11, 2022

The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.
Moderate, Unreviewed. CVE-2021-34122 was published Mar 11, 2022

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially...
Moderate, Unreviewed. CVE-2021-26341 was published Mar 12, 2022

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact...
Moderate, Unreviewed. CVE-2022-25601 was published Mar 12, 2022

SSRF in repository migration
Moderate. CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
Moderate, Unreviewed. CVE-2021-26401 was published Mar 12, 2022

ProTip! Advisories are also available from the GraphQL API