GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
100,303 advisories
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before...
Moderate | Unreviewed | CVE-2017-20008 was published Nov 30, 2021

The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk...
Moderate | Unreviewed | CVE-2021-24749 was published Nov 30, 2021

The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and...
Moderate | Unreviewed | CVE-2021-24822 was published Nov 30, 2021

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML...
Moderate | Unreviewed | CVE-2021-21707 was published Nov 30, 2021

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container...
Moderate | Unreviewed | CVE-2021-24751 was published Nov 30, 2021

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the...
Moderate | Unreviewed | CVE-2019-8921 was published Nov 30, 2021

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference...
Moderate | Unreviewed | CVE-2021-36329 was published Dec 1, 2021

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the...
Moderate | Unreviewed | CVE-2021-36326 was published Dec 1, 2021

The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the...
Moderate | Unreviewed | CVE-2021-31787 was published Dec 1, 2021

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery...
Moderate | Unreviewed | CVE-2021-36327 was published Dec 1, 2021

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for...
Moderate | Unreviewed | CVE-2021-44230 was published Dec 1, 2021

An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0...
Moderate | Unreviewed | CVE-2021-42564 was published Dec 1, 2021

An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is...
Moderate | Unreviewed | CVE-2021-43282 was published Dec 1, 2021

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts...
Moderate | Unreviewed | CVE-2021-43295 was published Dec 1, 2021

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products...
Moderate | Unreviewed | CVE-2021-43294 was published Dec 1, 2021

IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a...
Moderate | Unreviewed | CVE-2021-38958 was published Dec 1, 2021

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute...
Moderate | Unreviewed | CVE-2021-38967 was published Dec 1, 2021

IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of...
Moderate | Unreviewed | CVE-2021-38999 was published Dec 1, 2021

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information...
Moderate | Unreviewed | CVE-2021-39000 was published Dec 1, 2021

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate | Unreviewed | CVE-2021-42120 was published Dec 1, 2021

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate | Unreviewed | CVE-2021-42118 was published Dec 1, 2021

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate | Unreviewed | CVE-2021-42119 was published Dec 1, 2021

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate | Unreviewed | CVE-2021-42121 was published Dec 1, 2021

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate | Unreviewed | CVE-2021-42122 was published Dec 1, 2021

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate | Unreviewed | CVE-2021-42117 was published Dec 1, 2021
ProTip! Advisories are also available from the GraphQL API.