Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

18,809 advisories

Loading
An improper input validation leading to arbitrary file creation was discovered in copy method of... Critical Unreviewed
CVE-2021-26612 was published Dec 1, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Critical Unreviewed
CVE-2021-42099 was published Dec 1, 2021
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. Critical Unreviewed
CVE-2021-43202 was published Dec 1, 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as... Critical Unreviewed
CVE-2021-41679 was published Dec 1, 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as... Critical Unreviewed
CVE-2021-41678 was published Dec 1, 2021
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as... Critical Unreviewed
CVE-2021-41677 was published Dec 1, 2021
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42545 was published Dec 1, 2021
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42115 was published Dec 1, 2021
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and ... Critical Unreviewed
CVE-2021-3727 was published Dec 1, 2021
# Vulnerability in `title` function **Description**: the `title` function defined in `lib... Critical Unreviewed
CVE-2021-3726 was published Dec 1, 2021
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42544 was published Dec 1, 2021
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**:... Critical Unreviewed
CVE-2021-3769 was published Dec 1, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33274 was published Dec 2, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33269 was published Dec 2, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33265 was published Dec 2, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33271 was published Dec 2, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33266 was published Dec 2, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33268 was published Dec 2, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33270 was published Dec 2, 2021
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to... Critical Unreviewed
CVE-2021-33267 was published Dec 2, 2021
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the... Critical Unreviewed
CVE-2021-43451 was published Dec 2, 2021
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Critical Unreviewed
CVE-2021-38575 was published Dec 2, 2021
The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs... Critical Unreviewed
CVE-2021-26334 was published Dec 2, 2021
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master... Critical Unreviewed
CVE-2021-43685 was published Dec 2, 2021
attendance management system 1.0 is affected by a SQL injection vulnerability in admin... Critical Unreviewed
CVE-2021-44280 was published Dec 2, 2021
ProTip! Advisories are also available from the GraphQL API