GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
21,737 advisories
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for...
Critical | Unreviewed | CVE-2020-23361 was published May 24, 2022

oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where...
Critical | Unreviewed | CVE-2020-23360 was published May 24, 2022

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because...
Critical | Unreviewed | CVE-2020-23359 was published May 24, 2022

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform...
Critical | Unreviewed | CVE-2021-3304 was published May 24, 2022

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
Critical | Unreviewed | CVE-2021-3188 was published May 24, 2022

Improper access and command validation in the Docker config wizard of Nagios XI before 5.8.0...
Critical | Unreviewed | CVE-2021-3193 was published May 24, 2022

Local Service Search Engine Management System 1.0 has a vulnerability through authentication...
Critical | Unreviewed | CVE-2021-3278 was published May 24, 2022

SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is...
Critical | Unreviewed | CVE-2021-3286 was published May 24, 2022

Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server...
Critical | Unreviewed | CVE-2021-3199 was published May 24, 2022

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when...
Critical | Unreviewed | CVE-2021-3185 was published May 24, 2022

Buffer overflow in SmallVec::insert_many
Critical | CVE-2021-25900 was published for smallvec (Rust) May 24, 2022

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server...
Critical | Unreviewed | CVE-2020-6779 was published May 24, 2022

EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin...
Critical | Unreviewed | CVE-2020-35263 was published May 24, 2022

Student Result Management System In PHP With Source Code is affected by SQL injection. An...
Critical | Unreviewed | CVE-2020-35270 was published May 24, 2022

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the...
Critical | Unreviewed | CVE-2020-28998 was published May 24, 2022

The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to...
Critical | Unreviewed | CVE-2020-27299 was published May 24, 2022

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082...
Critical | Unreviewed | CVE-2020-27540 was published May 24, 2022

The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker...
Critical | Unreviewed | CVE-2020-27297 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by...
Critical | Unreviewed | CVE-2020-27583 was published May 24, 2022

Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater...
Critical | Unreviewed | CVE-2020-27539 was published May 24, 2022

newbee-mall all versions are affected by incorrect access control to remotely gain privileges...
Critical | Unreviewed | CVE-2020-23448 was published May 24, 2022

A specially crafted Markdown document could cause the execution of malicious JavaScript code in...
Critical | Unreviewed | CVE-2020-20269 was published May 24, 2022

IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for...
Critical | Unreviewed | CVE-2020-4958 was published May 24, 2022

Possible out of bound memory access in audio due to integer underflow while processing modified...
Critical | Unreviewed | CVE-2020-3691 was published May 24, 2022

Out of bound access in WLAN driver due to lack of validation of array length before copying into...
Critical | Unreviewed | CVE-2020-11225 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.