GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
Critical | Unreviewed | CVE-2021-28237 was published Dec 3, 2021
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving...
Critical | Unreviewed | CVE-2015-20105 was published Dec 3, 2021
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api...
Critical | Unreviewed | CVE-2021-43679 was published Dec 3, 2021
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC...
Critical | Unreviewed | CVE-2021-26777 was published Dec 3, 2021
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function...
Critical | Unreviewed | CVE-2021-35346 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller...
Critical | Unreviewed | CVE-2021-44348 was published Dec 4, 2021
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function...
Critical | Unreviewed | CVE-2021-35344 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage...
Critical | Unreviewed | CVE-2021-44349 was published Dec 4, 2021
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main...
Critical | Unreviewed | CVE-2021-35414 was published Dec 4, 2021
A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via...
Critical | Unreviewed | CVE-2021-44352 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController...
Critical | Unreviewed | CVE-2021-44347 was published Dec 4, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation...
Critical | Unreviewed | CVE-2021-43674 was published Dec 4, 2021
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via ...
Critical | Unreviewed | CVE-2020-29177 was published Dec 4, 2021
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44681 was published Dec 7, 2021
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44682 was published Dec 7, 2021
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44679 was published Dec 7, 2021
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter...
Critical | Unreviewed | CVE-2021-31632 was published Dec 7, 2021
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44678 was published Dec 7, 2021
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44680 was published Dec 7, 2021
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the...
Critical | Unreviewed | CVE-2021-44677 was published Dec 7, 2021
Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery...
Critical | Unreviewed | CVE-2021-37298 was published Dec 7, 2021
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and...
Critical | Unreviewed | CVE-2021-24943 was published Dec 7, 2021
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic...
Critical | Unreviewed | CVE-2021-39890 was published Dec 7, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI...
Critical | Unreviewed | CVE-2021-43936 was published Dec 7, 2021
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
Critical | Unreviewed | CVE-2021-40091 was published Dec 7, 2021
ProTip! Advisories are also available from the GraphQL API.