GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,127 advisories
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the...
Critical | Unreviewed | CVE-2022-34056 was published Jun 25, 2022

The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-34065 was published Jun 25, 2022

The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the...
Critical | Unreviewed | CVE-2022-34055 was published Jun 25, 2022

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor....
Critical | Unreviewed | CVE-2022-34060 was published Jun 25, 2022

The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-34054 was published Jun 25, 2022

The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution...
Critical | Unreviewed | CVE-2022-34066 was published Jun 25, 2022

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This...
Critical | Unreviewed | CVE-2022-34064 was published Jun 25, 2022

** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and below was discovered to...
Critical | Unreviewed | CVE-2022-31361 was published Jun 24, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be...
Critical | Unreviewed | CVE-2022-32534 was published Jun 24, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root...
Critical | Unreviewed | CVE-2022-32535 was published Jun 24, 2022

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker...
Critical | Unreviewed | CVE-2021-40954 was published Jun 24, 2022

IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO
Critical | Unreviewed | CVE-2022-31787 was published Jun 24, 2022

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8,...
Critical | Unreviewed | CVE-2022-32554 was published Jun 24, 2022

There is no account authentication and permission check logic in the firmware and existing apps...
Critical | Unreviewed | CVE-2021-26637 was published Jun 24, 2022

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause...
Critical | Unreviewed | CVE-2021-26638 was published Jun 24, 2022

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,...
Critical | Unreviewed | CVE-2021-26636 was published Jun 24, 2022

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS...
Critical | Unreviewed | CVE-2022-31801 was published Jun 22, 2022

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS...
Critical | Unreviewed | CVE-2022-31800 was published Jun 22, 2022

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected...
Critical | Unreviewed | CVE-2017-20067 was published Jun 22, 2022

A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default...
Critical | Unreviewed | CVE-2022-33139 was published Jun 22, 2022

iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
Critical | Unreviewed | CVE-2022-29775 was published Jun 22, 2022

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0...
Critical | Unreviewed | CVE-2022-31374 was published Jun 22, 2022

iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal.
Critical | Unreviewed | CVE-2022-29774 was published Jun 22, 2022

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
Critical | Unreviewed | CVE-2022-2068 was published Jun 22, 2022

The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.
Critical | Unreviewed | CVE-2022-26147 was published Jun 22, 2022

ProTip! Advisories are also available from the GraphQL API.