GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
343 advisories
Filter by severity
Prototype Pollution in upmerge
Moderate
GHSA-gm9g-2g8v-fvxj
was published
for
upmerge
(npm)
Jun 6, 2019
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
High
Unreviewed
CVE-2020-14111
was published
Mar 11, 2022
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
Critical
Unreviewed
CVE-2020-14115
was published
Mar 11, 2022
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a...
High
Unreviewed
CVE-2021-4031
was published
Mar 19, 2022
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive...
High
Unreviewed
CVE-2022-20795
was published
Apr 22, 2022
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to...
Moderate
Unreviewed
CVE-2020-14122
was published
Apr 22, 2022
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by...
High
Unreviewed
CVE-2020-14116
was published
Apr 22, 2022
Remote code execution vulnerability due to insufficient verification of URLs, etc. in...
High
Unreviewed
CVE-2022-41156
was published
Nov 25, 2022
Insufficient Verification of input Data leading to arbitrary file download and execute was...
High
Unreviewed
CVE-2021-26625
was published
Apr 20, 2022
Authorized users may install a maliciously modified package file when updating the device via the...
High
Unreviewed
CVE-2022-26516
was published
Apr 21, 2022
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote...
High
Unreviewed
CVE-2021-21231
was published
May 24, 2022
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated,...
High
Unreviewed
CVE-2021-1403
was published
May 24, 2022
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to...
Critical
Unreviewed
CVE-2021-33885
was published
May 24, 2022
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker...
High
Unreviewed
CVE-2021-31228
was published
May 24, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity...
Moderate
Unreviewed
CVE-2022-28385
was published
Jun 9, 2022
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server...
Critical
Unreviewed
CVE-2022-31813
was published
Jun 10, 2022
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary...
Critical
Unreviewed
CVE-2020-24672
was published
May 24, 2022
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft...
Critical
Unreviewed
CVE-2021-26608
was published
May 24, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep...
High
Unreviewed
CVE-2017-11379
was published
May 17, 2022
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS...
Critical
Unreviewed
CVE-2022-31801
was published
Jun 22, 2022
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS...
Critical
Unreviewed
CVE-2022-31800
was published
Jun 22, 2022
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML...
High
Unreviewed
CVE-2015-5236
was published
Jul 8, 2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated...
Moderate
Unreviewed
CVE-2022-31598
was published
Jul 13, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause...
High
Unreviewed
CVE-2022-34763
was published
Jul 14, 2022
The recovery module has a vulnerability of bypassing the verification of an update package before...
High
Unreviewed
CVE-2022-37008
was published
Aug 11, 2022
ProTip!
Advisories are also available from the
GraphQL API