GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
23,060 advisories
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with...
Critical | Unreviewed | CVE-2021-34565 was published May 24, 2022

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to...
Critical | Unreviewed | CVE-2021-35222 was published May 24, 2022

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor...
Critical | Unreviewed | CVE-2021-22943 was published May 24, 2022

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL...
Critical | Unreviewed | CVE-2021-37749 was published May 24, 2022

Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart...
Critical | Unreviewed | CVE-2020-15744 was published May 24, 2022

A conference management system of ZTE is impacted by a command execution vulnerability. Since the...
Critical | Unreviewed | CVE-2021-21741 was published May 24, 2022

A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a...
Critical | Unreviewed | CVE-2021-27663 was published May 24, 2022

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may...
Critical | Unreviewed | CVE-2021-32955 was published May 24, 2022

A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta...
Critical | Unreviewed | CVE-2021-32983 was published May 24, 2022

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new...
Critical | Unreviewed | CVE-2021-32967 was published May 24, 2022

Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in...
Critical | Unreviewed | CVE-2021-33055 was published May 24, 2022

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of...
Critical | Unreviewed | CVE-2021-38390 was published May 24, 2022

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of...
Critical | Unreviewed | CVE-2021-38391 was published May 24, 2022

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of...
Critical | Unreviewed | CVE-2021-38393 was published May 24, 2022

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml...
Critical | Unreviewed | CVE-2021-34066 was published May 24, 2022

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are...
Critical | Unreviewed | CVE-2021-34646 was published May 24, 2022

Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access...
Critical | Unreviewed | CVE-2021-37421 was published May 24, 2022

Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper...
Critical | Unreviewed | CVE-2021-37417 was published May 24, 2022

Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote...
Critical | Unreviewed | CVE-2021-40175 was published May 24, 2022

Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/.
Critical | Unreviewed | CVE-2020-20675 was published May 24, 2022

Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
Critical | Unreviewed | CVE-2021-40177 was published May 24, 2022

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry...
Critical | Unreviewed | CVE-2021-40153 was published May 24, 2022

The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform...
Critical | Unreviewed | CVE-2020-18106 was published May 24, 2022

An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows...
Critical | Unreviewed | CVE-2020-18114 was published May 24, 2022

A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code...
Critical | Unreviewed | CVE-2021-37334 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.