GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
100,303 advisories
A local administrator could prevent the HMPA service from starting despite tamper protection...
Moderate | Unreviewed | CVE-2021-25269 | published Nov 27, 2021

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message...
Moderate | Unreviewed | CVE-2021-44225 | published Nov 27, 2021

Cross-site scripting (XSS) was possible in notification pop-ups. The following products are...
Moderate | Unreviewed | CVE-2021-44201 | published Nov 30, 2021

DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber...
Moderate | Unreviewed | CVE-2021-44199 | published Nov 30, 2021

Stored cross-site scripting (XSS) was possible in protection plan details. The following products...
Moderate | Unreviewed | CVE-2021-44203 | published Nov 30, 2021

Stored cross-site scripting (XSS) was possible in activity details. The following products are...
Moderate | Unreviewed | CVE-2021-44202 | published Nov 30, 2021

Self cross-site scripting (XSS) was possible on devices page. The following products are affected...
Moderate | Unreviewed | CVE-2021-44200 | published Nov 30, 2021

An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2021-43697 | published Nov 30, 2021

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate | Unreviewed | CVE-2021-42365 | published Nov 30, 2021

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image...
Moderate | Unreviewed | CVE-2021-3802 | published Nov 30, 2021

Some Huawei products use the OpenHpi software for hardware management. A function that parses...
Moderate | Unreviewed | CVE-2021-39995 | published Nov 30, 2021

An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In...
Moderate | Unreviewed | CVE-2021-43698 | published Nov 30, 2021

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or...
Moderate | Unreviewed | CVE-2021-24918 | published Nov 30, 2021

The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels...
Moderate | Unreviewed | CVE-2021-24899 | published Nov 30, 2021

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v...
Moderate | Unreviewed | CVE-2021-24876 | published Nov 30, 2021

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text...
Moderate | Unreviewed | CVE-2021-24883 | published Nov 30, 2021

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback...
Moderate | Unreviewed | CVE-2021-24927 | published Nov 30, 2021

An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability....
Moderate | Unreviewed | CVE-2021-43695 | published Nov 30, 2021

The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before...
Moderate | Unreviewed | CVE-2021-24908 | published Nov 30, 2021

An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2021-43692 | published Nov 30, 2021

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which...
Moderate | Unreviewed | CVE-2021-24842 | published Nov 30, 2021

An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In...
Moderate | Unreviewed | CVE-2021-43696 | published Nov 30, 2021

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product...
Moderate | Unreviewed | CVE-2021-24811 | published Nov 30, 2021

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the...
Moderate | Unreviewed | CVE-2021-24768 | published Nov 30, 2021

The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social...
Moderate | Unreviewed | CVE-2021-24745 | published Nov 30, 2021
ProTip! Advisories are also available from the GraphQL API.