GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
21,750 advisories
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through...
Critical | Unreviewed | CVE-2020-16629 was published May 24, 2022
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a...
Critical | Unreviewed | CVE-2021-3122 was published May 24, 2022
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with...
Critical | Unreviewed | CVE-2021-20623 was published May 24, 2022
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a...
Critical | Unreviewed | CVE-2020-18717 was published May 24, 2022
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering...
Critical | Unreviewed | CVE-2020-18716 was published May 24, 2022
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort()...
Critical | Unreviewed | CVE-2020-10539 was published May 24, 2022
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted...
Critical | Unreviewed | CVE-2020-10857 was published May 24, 2022
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering...
Critical | Unreviewed | CVE-2020-18713 was published May 24, 2022
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering...
Critical | Unreviewed | CVE-2020-18714 was published May 24, 2022
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another...
Critical | Unreviewed | CVE-2021-3401 was published May 24, 2022
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric...
Critical | Unreviewed | CVE-2021-26688 was published May 24, 2022
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The...
Critical | Unreviewed | CVE-2021-26689 was published May 24, 2022
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In...
Critical | Unreviewed | CVE-2021-26687 was published May 24, 2022
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote...
Critical | Unreviewed | CVE-2021-20016 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1295 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1292 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1293 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1291 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1294 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1290 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1289 was published May 24, 2022
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that...
Critical | Unreviewed | CVE-2020-14245 was published May 24, 2022
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message...
Critical | Unreviewed | CVE-2021-25274 was published May 24, 2022
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible,...
Critical | Unreviewed | CVE-2021-25770 was published May 24, 2022
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace...
Critical | Unreviewed | CVE-2021-25758 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.