GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,090
Erlang: 29
GitHub Actions: 19
Go: 1,915
Maven: 5,000+
npm: 3,646
NuGet: 638
pip: 3,262
Pub: 10
RubyGems: 870
Rust: 821
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
23,074 advisories
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL...
Critical | Unreviewed | CVE-2021-29903 was published May 24, 2022
The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a...
Critical | Unreviewed | CVE-2021-29908 was published May 24, 2022
IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to...
Critical | Unreviewed | CVE-2021-38923 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web...
Critical | Unreviewed | CVE-2021-41553 was published May 24, 2022
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to...
Critical | Unreviewed | CVE-2021-35296 was published May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at...
Critical | Unreviewed | CVE-2021-37333 was published May 24, 2022
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an...
Critical | Unreviewed | CVE-2021-38823 was published May 24, 2022
The username and password field of login in Lodging Reservation Management System V1 can give...
Critical | Unreviewed | CVE-2021-41511 was published May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
Critical | Unreviewed | CVE-2021-41592 was published May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
Critical | Unreviewed | CVE-2021-41591 was published May 24, 2022
Login with hash: The login routine allows the client to log in to the system not by using the...
Critical | Unreviewed | CVE-2021-23857 was published May 24, 2022
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
Critical | Unreviewed | CVE-2020-20797 was published May 24, 2022
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.
Critical | Unreviewed | CVE-2020-20796 was published May 24, 2022
A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical | Unreviewed | CVE-2021-34352 was published May 24, 2022
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced...
Critical | Unreviewed | CVE-2021-41649 was published May 24, 2022
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal...
Critical | Unreviewed | CVE-2021-40960 was published May 24, 2022
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in...
Critical | Unreviewed | CVE-2021-41647 was published May 24, 2022
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL...
Critical | Unreviewed | CVE-2020-21012 was published May 24, 2022
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource...
Critical | Unreviewed | CVE-2020-18683 was published May 24, 2022
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java...
Critical | Unreviewed | CVE-2020-18684 was published May 24, 2022
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH...
Critical | Unreviewed | CVE-2021-36298 was published May 24, 2022
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using...
Critical | Unreviewed | CVE-2021-41290 was published May 24, 2022
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource...
Critical | Unreviewed | CVE-2020-18685 was published May 24, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is...
Critical | Unreviewed | CVE-2021-41301 was published May 24, 2022
ECOA BAS controller uses weak set of default administrative credentials that can be easily...
Critical | Unreviewed | CVE-2021-41296 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.