GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
319 advisories
Filter by severity
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it...
Critical
Unreviewed
CVE-2021-33806
was published
May 24, 2022
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute...
Critical
Unreviewed
CVE-2020-29045
was published
May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical
Unreviewed
CVE-2021-31474
was published
May 24, 2022
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
Critical
Unreviewed
CVE-2021-32098
was published
May 24, 2022
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to...
Critical
Unreviewed
CVE-2020-9493
was published
May 24, 2022
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message...
Critical
Unreviewed
CVE-2021-25274
was published
May 24, 2022
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted...
Critical
Unreviewed
CVE-2021-21524
was published
May 24, 2022
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
Critical
Unreviewed
CVE-2021-32075
was published
May 24, 2022
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA...
Critical
Unreviewed
CVE-2021-3160
was published
May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can...
Critical
Unreviewed
CVE-2021-29200
was published
May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains...
Critical
Unreviewed
CVE-2020-10658
was published
May 24, 2022
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute...
Critical
Unreviewed
CVE-2020-29047
was published
May 24, 2022
The specific function of HR Portal of Soar Cloud System accepts any type of object to be...
Critical
Unreviewed
CVE-2021-22855
was published
May 24, 2022
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code...
Critical
Unreviewed
CVE-2021-27335
was published
May 24, 2022
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because...
Critical
Unreviewed
CVE-2021-27213
was published
May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical
Unreviewed
CVE-2020-27868
was published
May 24, 2022
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on...
Critical
Unreviewed
CVE-2022-29063
was published
Sep 3, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical
Unreviewed
CVE-2021-26914
was published
May 24, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical
Unreviewed
CVE-2021-26913
was published
May 24, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical
Unreviewed
CVE-2021-26915
was published
May 24, 2022
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary...
Critical
Unreviewed
CVE-2020-4682
was published
May 24, 2022
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote...
Critical
Unreviewed
CVE-2021-25294
was published
May 24, 2022
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command...
Critical
Unreviewed
CVE-2020-24639
was published
May 24, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to...
Critical
Unreviewed
CVE-2021-26912
was published
May 24, 2022
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace...
Critical
Unreviewed
CVE-2021-25758
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API