Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

18,809 advisories

Loading
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. Critical Unreviewed
CVE-2021-28237 was published Dec 3, 2021
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving... Critical Unreviewed
CVE-2015-20105 was published Dec 3, 2021
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api... Critical Unreviewed
CVE-2021-43679 was published Dec 3, 2021
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC... Critical Unreviewed
CVE-2021-26777 was published Dec 3, 2021
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function... Critical Unreviewed
CVE-2021-35346 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller... Critical Unreviewed
CVE-2021-44348 was published Dec 4, 2021
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function... Critical Unreviewed
CVE-2021-35344 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage... Critical Unreviewed
CVE-2021-44349 was published Dec 4, 2021
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main... Critical Unreviewed
CVE-2021-35414 was published Dec 4, 2021
A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V15.03.05.18_multi device via... Critical Unreviewed
CVE-2021-44352 was published Dec 4, 2021
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController... Critical Unreviewed
CVE-2021-44347 was published Dec 4, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation... Critical Unreviewed
CVE-2021-43674 was published Dec 4, 2021
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via ... Critical Unreviewed
CVE-2020-29177 was published Dec 4, 2021
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44681 was published Dec 7, 2021
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44682 was published Dec 7, 2021
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44679 was published Dec 7, 2021
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter... Critical Unreviewed
CVE-2021-31632 was published Dec 7, 2021
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44678 was published Dec 7, 2021
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44680 was published Dec 7, 2021
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44677 was published Dec 7, 2021
Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery... Critical Unreviewed
CVE-2021-37298 was published Dec 7, 2021
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and... Critical Unreviewed
CVE-2021-24943 was published Dec 7, 2021
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic... Critical Unreviewed
CVE-2021-39890 was published Dec 7, 2021
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI... Critical Unreviewed
CVE-2021-43936 was published Dec 7, 2021
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Critical Unreviewed
CVE-2021-40091 was published Dec 7, 2021
ProTip! Advisories are also available from the GraphQL API