GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 1,998
Maven: 5,000+
npm: 3,710
NuGet: 661
pip: 3,364
Pub: 11
RubyGems: 885
Rust: 846
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
23,685 advisories
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager,...
Critical, Unreviewed. CVE-2021-32522 was published May 24, 2022

ECOA BAS controller’s special page displays user account and passwords in plain text, thus...
Critical, Unreviewed. CVE-2021-41300 was published May 24, 2022

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to...
Critical, Unreviewed. CVE-2021-32520 was published May 24, 2022

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file...
Critical, Unreviewed. CVE-2021-23280 was published May 24, 2022

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323...
Critical, Unreviewed. CVE-2020-14305 was published May 24, 2022

Mautic stored Cross-site Scripting (XSS)
Critical. CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only...
Critical, Unreviewed. CVE-2021-20999 was published May 24, 2022

The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to...
Critical, Unreviewed. CVE-2021-32525 was published May 24, 2022

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an...
Critical, Unreviewed. CVE-2021-21505 was published May 24, 2022

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways,...
Critical, Unreviewed. CVE-2021-24731 was published May 24, 2022

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote...
Critical, Unreviewed. CVE-2021-32535 was published May 24, 2022

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical, Unreviewed. CVE-2020-27241 was published May 24, 2022

The sensitive information of webcam device is not properly protected. Remote attackers can...
Critical, Unreviewed. CVE-2021-30168 was published May 24, 2022

A stack overflow vulnerability in Facebook Hermes ‘builtin apply’ prior to commit...
Critical, Unreviewed. CVE-2020-1896 was published May 24, 2022

HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE...
Critical, Unreviewed. CVE-2021-30476 was published May 24, 2022

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the...
Critical, Unreviewed. CVE-2021-24229 was published May 24, 2022

In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote...
Critical, Unreviewed. CVE-2021-34436 was published May 24, 2022

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz
Critical, Unreviewed. CVE-2021-37608 was published May 24, 2022

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.
Critical, Unreviewed. CVE-2021-36789 was published May 24, 2022

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a...
Critical, Unreviewed. CVE-2021-33622 was published May 24, 2022

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55....
Critical, Unreviewed. CVE-2020-12403 was published May 24, 2022

SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read...
Critical, Unreviewed. CVE-2021-30045 was published May 24, 2022

gitjacker arbitrary code execution
Critical. CVE-2021-29417 was published for github.com/liamg/gitjacker (Go) May 24, 2022

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST...
Critical, Unreviewed. CVE-2021-28294 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API