Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,737 advisories

Loading
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for... Critical Unreviewed
CVE-2020-23361 was published May 24, 2022
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where... Critical Unreviewed
CVE-2020-23360 was published May 24, 2022
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because... Critical Unreviewed
CVE-2020-23359 was published May 24, 2022
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform... Critical Unreviewed
CVE-2021-3304 was published May 24, 2022
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. Critical Unreviewed
CVE-2021-3188 was published May 24, 2022
Improper access and command validation in the Docker config wizard of Nagios XI before 5.8.0... Critical Unreviewed
CVE-2021-3193 was published May 24, 2022
Local Service Search Engine Management System 1.0 has a vulnerability through authentication... Critical Unreviewed
CVE-2021-3278 was published May 24, 2022
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is... Critical Unreviewed
CVE-2021-3286 was published May 24, 2022
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server... Critical Unreviewed
CVE-2021-3199 was published May 24, 2022
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when... Critical Unreviewed
CVE-2021-3185 was published May 24, 2022
Buffer overflow in SmallVec::insert_many Critical
CVE-2021-25900 was published for smallvec (Rust) May 24, 2022
tdunlap607
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server... Critical Unreviewed
CVE-2020-6779 was published May 24, 2022
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin... Critical Unreviewed
CVE-2020-35263 was published May 24, 2022
Student Result Management System In PHP With Source Code is affected by SQL injection. An... Critical Unreviewed
CVE-2020-35270 was published May 24, 2022
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the... Critical Unreviewed
CVE-2020-28998 was published May 24, 2022
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to... Critical Unreviewed
CVE-2020-27299 was published May 24, 2022
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082... Critical Unreviewed
CVE-2020-27540 was published May 24, 2022
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker... Critical Unreviewed
CVE-2020-27297 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by... Critical Unreviewed
CVE-2020-27583 was published May 24, 2022
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater... Critical Unreviewed
CVE-2020-27539 was published May 24, 2022
newbee-mall all versions are affected by incorrect access control to remotely gain privileges... Critical Unreviewed
CVE-2020-23448 was published May 24, 2022
A specially crafted Markdown document could cause the execution of malicious JavaScript code in... Critical Unreviewed
CVE-2020-20269 was published May 24, 2022
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for... Critical Unreviewed
CVE-2020-4958 was published May 24, 2022
Possible out of bound memory access in audio due to integer underflow while processing modified... Critical Unreviewed
CVE-2020-3691 was published May 24, 2022
Out of bound access in WLAN driver due to lack of validation of array length before copying into... Critical Unreviewed
CVE-2020-11225 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API