GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config...
Critical
Unreviewed
CVE-2021-44630 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code...
Critical
Unreviewed
CVE-2021-42786 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42787 was published Mar 11, 2022
There is a permission control vulnerability in the Nearby module. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-40053 was published Mar 11, 2022
UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511...
Critical
Unreviewed
CVE-2022-25621 was published Mar 12, 2022
There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-40050 was published Mar 11, 2022
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function...
Critical
Unreviewed
CVE-2021-33293 was published Mar 11, 2022
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
Critical
Unreviewed
CVE-2020-14115 was published Mar 11, 2022
A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm...
Critical
Unreviewed
CVE-2021-44620 was published Mar 12, 2022
The following Yokogawa Electric products hard-code the password for CAMS server applications:...
Critical
Unreviewed
CVE-2022-23402 was published Mar 12, 2022
The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm (formerly Fuji Xerox)...
Critical
Unreviewed
CVE-2022-26320 was published Mar 15, 2022
The following Yokogawa Electric products do not change the passwords of the internal Windows...
Critical
Unreviewed
CVE-2022-21194 was published Mar 12, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private...
Critical
Unreviewed
CVE-2021-45887 was published Mar 14, 2022
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via...
Critical
Unreviewed
CVE-2022-25494 was published Mar 16, 2022
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the...
Critical
Unreviewed
CVE-2022-0169 was published Mar 15, 2022
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location...
Critical
Unreviewed
CVE-2022-0658 was published Mar 15, 2022
Online Project Time Management System v1.0 was discovered to contain a SQL injection...
Critical
Unreviewed
CVE-2022-26293 was published Mar 17, 2022
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows...
Critical
Unreviewed
CVE-2022-25251 was published Mar 17, 2022
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin...
Critical
Unreviewed
CVE-2022-25487 was published Mar 16, 2022
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in ...
Critical
Unreviewed
CVE-2022-25488 was published Mar 16, 2022
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to...
Critical
Unreviewed
CVE-2022-25495 was published Mar 16, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in...
Critical
Unreviewed
CVE-2022-25492 was published Mar 16, 2022
The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using...
Critical
Unreviewed
CVE-2021-25007 was published Mar 15, 2022
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in...
Critical
Unreviewed
CVE-2022-25490 was published Mar 16, 2022
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory...
Critical
Unreviewed
CVE-2022-0982 was published Mar 17, 2022
ProTip! Advisories are also available from the GraphQL API.