Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

472 advisories

Loading
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an... Critical Unreviewed
CVE-2021-44529 was published Dec 9, 2021
Internally used text extraction reports allow an attacker to inject code that can be executed by... Critical Unreviewed
CVE-2021-44231 was published Dec 15, 2021
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43899 was published Dec 16, 2021
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE... Critical Unreviewed
CVE-2021-43882 was published Dec 16, 2021
Bot Framework SDK Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43225 was published Dec 16, 2021
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43217 was published Dec 16, 2021
iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution Critical Unreviewed
CVE-2021-43215 was published Dec 16, 2021
Web Media Extensions Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43214 was published Dec 16, 2021
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE... Critical Unreviewed
CVE-2021-42311 was published Dec 16, 2021
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE... Critical Unreviewed
CVE-2021-42310 was published Dec 16, 2021
HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may... Critical Unreviewed
CVE-2021-39979 was published Jan 4, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE... Critical Unreviewed
CVE-2022-21846 was published Jan 12, 2022
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability... Critical Unreviewed
CVE-2021-44978 was published Feb 9, 2022
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-23389 was published Feb 15, 2022
There is a logic bypass vulnerability in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22430 was published Feb 26, 2022
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow... Critical Unreviewed
CVE-2021-25003 was published Mar 15, 2022
fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for... Critical Unreviewed
CVE-2020-15591 was published Mar 18, 2022
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Critical Unreviewed
CVE-2022-25578 was published Mar 20, 2022
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to... Critical Unreviewed
CVE-2022-26174 was published Mar 23, 2022
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name... Critical Unreviewed
CVE-2021-26622 was published Mar 26, 2022
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute... Critical Unreviewed
CVE-2022-26272 was published Mar 26, 2022
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a... Critical Unreviewed
CVE-2022-26198 was published Mar 28, 2022
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2022-26205 was published Mar 28, 2022
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload... Critical Unreviewed
CVE-2022-26255 was published Mar 29, 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability... Critical Unreviewed
CVE-2022-22954 was published Apr 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database