GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of...
Critical
Unreviewed
CVE-2021-37042
was published
Dec 8, 2021
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of...
Critical
Unreviewed
CVE-2021-37041
was published
Dec 8, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using...
Critical
Unreviewed
CVE-2021-42127
was published
Dec 8, 2021
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using...
Critical
Unreviewed
CVE-2021-42128
was published
Dec 8, 2021
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below...
Critical
Unreviewed
CVE-2021-29114
was published
Dec 8, 2021
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in...
Critical
Unreviewed
CVE-2021-4048
was published
Dec 9, 2021
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an...
Critical
Unreviewed
CVE-2021-44529
was published
Dec 9, 2021
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap...
Critical
Unreviewed
CVE-2021-43527
was published
Dec 9, 2021
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use...
Critical
Unreviewed
CVE-2021-38504
was published
Dec 9, 2021
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to...
Critical
Unreviewed
CVE-2021-38503
was published
Dec 9, 2021
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST...
Critical
Unreviewed
CVE-2021-21950
was published
Dec 9, 2021
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST...
Critical
Unreviewed
CVE-2021-21951
was published
Dec 9, 2021
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4...
Critical
Unreviewed
CVE-2021-41025
was published
Dec 9, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper...
Critical
Unreviewed
CVE-2020-27416
was published
Dec 9, 2021
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7...
Critical
Unreviewed
CVE-2021-41030
was published
Dec 9, 2021
SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3...
Critical
Unreviewed
CVE-2021-41063
was published
Dec 9, 2021
There is a Heap-based buffer overflow vulnerability in Huawei Smartphone. Successful exploitation...
Critical
Unreviewed
CVE-2021-37049
was published
Dec 9, 2021
There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37051
was published
Dec 9, 2021
There is an UAF vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability...
Critical
Unreviewed
CVE-2021-37045
was published
Dec 9, 2021
There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37040
was published
Dec 9, 2021
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS...
Critical
Unreviewed
CVE-2021-26109
was published
Dec 9, 2021
National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is...
Critical
Unreviewed
CVE-2021-44557
was published
Dec 9, 2021
National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected...
Critical
Unreviewed
CVE-2021-44556
was published
Dec 9, 2021
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a...
Critical
Unreviewed
CVE-2021-20045
was published
Dec 9, 2021
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary...
Critical
Unreviewed
CVE-2021-20042
was published
Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API.