Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23,074 advisories

Loading
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL... Critical Unreviewed
CVE-2021-29903 was published May 24, 2022
The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a... Critical Unreviewed
CVE-2021-29908 was published May 24, 2022
IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to... Critical Unreviewed
CVE-2021-38923 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web... Critical Unreviewed
CVE-2021-41553 was published May 24, 2022
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to... Critical Unreviewed
CVE-2021-35296 was published May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at... Critical Unreviewed
CVE-2021-37333 was published May 24, 2022
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an... Critical Unreviewed
CVE-2021-38823 was published May 24, 2022
The username and password field of login in Lodging Reservation Management System V1 can give... Critical Unreviewed
CVE-2021-41511 was published May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41592 was published May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41591 was published May 24, 2022
Login with hash: The login routine allows the client to log in to the system not by using the... Critical Unreviewed
CVE-2021-23857 was published May 24, 2022
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. Critical Unreviewed
CVE-2020-20797 was published May 24, 2022
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter. Critical Unreviewed
CVE-2020-20796 was published May 24, 2022
A command injection vulnerability has been reported to affect QNAP device running QVR. If... Critical Unreviewed
CVE-2021-34352 was published May 24, 2022
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced... Critical Unreviewed
CVE-2021-41649 was published May 24, 2022
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal... Critical Unreviewed
CVE-2021-40960 was published May 24, 2022
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in... Critical Unreviewed
CVE-2021-41647 was published May 24, 2022
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL... Critical Unreviewed
CVE-2020-21012 was published May 24, 2022
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource... Critical Unreviewed
CVE-2020-18683 was published May 24, 2022
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java... Critical Unreviewed
CVE-2020-18684 was published May 24, 2022
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH... Critical Unreviewed
CVE-2021-36298 was published May 24, 2022
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using... Critical Unreviewed
CVE-2021-41290 was published May 24, 2022
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource... Critical Unreviewed
CVE-2020-18685 was published May 24, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is... Critical Unreviewed
CVE-2021-41301 was published May 24, 2022
ECOA BAS controller uses weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2021-41296 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database