GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,388
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,752
Maven 4,982
npm 3,516
NuGet 609
pip 3,090
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,456

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

100,303 advisories

Filter by severity

Sort by

Least recently updated

A local administrator could prevent the HMPA service from starting despite tamper protection... Moderate Unreviewed

CVE-2021-25269 was published Nov 27, 2021

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message... Moderate Unreviewed

CVE-2021-44225 was published Nov 27, 2021

Cross-site scripting (XSS) was possible in notification pop-ups. The following products are... Moderate Unreviewed

CVE-2021-44201 was published Nov 30, 2021

DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber... Moderate Unreviewed

CVE-2021-44199 was published Nov 30, 2021

Stored cross-site scripting (XSS) was possible in protection plan details. The following products... Moderate Unreviewed

CVE-2021-44203 was published Nov 30, 2021

Stored cross-site scripting (XSS) was possible in activity details. The following products are... Moderate Unreviewed

CVE-2021-44202 was published Nov 30, 2021

Self cross-site scripting (XSS) was possible on devices page. The following products are affected... Moderate Unreviewed

CVE-2021-44200 was published Nov 30, 2021

An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS)... Moderate Unreviewed

CVE-2021-43697 was published Nov 30, 2021

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed

CVE-2021-42365 was published Nov 30, 2021

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image... Moderate Unreviewed

CVE-2021-3802 was published Nov 30, 2021

Some Huawei products use the OpenHpi software for hardware management. A function that parses... Moderate Unreviewed

CVE-2021-39995 was published Nov 30, 2021

An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In... Moderate Unreviewed

CVE-2021-43698 was published Nov 30, 2021

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or... Moderate Unreviewed

CVE-2021-24918 was published Nov 30, 2021

The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels... Moderate Unreviewed

CVE-2021-24899 was published Nov 30, 2021

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v... Moderate Unreviewed

CVE-2021-24876 was published Nov 30, 2021

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text... Moderate Unreviewed

CVE-2021-24883 was published Nov 30, 2021

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback... Moderate Unreviewed

CVE-2021-24927 was published Nov 30, 2021

An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability.... Moderate Unreviewed

CVE-2021-43695 was published Nov 30, 2021

The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before... Moderate Unreviewed

CVE-2021-24908 was published Nov 30, 2021

An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In... Moderate Unreviewed

CVE-2021-43696 was published Nov 30, 2021

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed

CVE-2021-24842 was published Nov 30, 2021

An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS)... Moderate Unreviewed

CVE-2021-43692 was published Nov 30, 2021

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product... Moderate Unreviewed

CVE-2021-24811 was published Nov 30, 2021

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the... Moderate Unreviewed

CVE-2021-24768 was published Nov 30, 2021

The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social... Moderate Unreviewed

CVE-2021-24745 was published Nov 30, 2021

Previous 1 2 3 4 5 6 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

100,303 advisories