Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

319 advisories

Loading
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it... Critical Unreviewed
CVE-2021-33806 was published May 24, 2022
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute... Critical Unreviewed
CVE-2020-29045 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2021-31474 was published May 24, 2022
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. Critical Unreviewed
CVE-2021-32098 was published May 24, 2022
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to... Critical Unreviewed
CVE-2020-9493 was published May 24, 2022
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message... Critical Unreviewed
CVE-2021-25274 was published May 24, 2022
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted... Critical Unreviewed
CVE-2021-21524 was published May 24, 2022
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. Critical Unreviewed
CVE-2021-32075 was published May 24, 2022
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA... Critical Unreviewed
CVE-2021-3160 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can... Critical Unreviewed
CVE-2021-29200 was published May 24, 2022
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... Critical Unreviewed
CVE-2020-10658 was published May 24, 2022
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute... Critical Unreviewed
CVE-2020-29047 was published May 24, 2022
The specific function of HR Portal of Soar Cloud System accepts any type of object to be... Critical Unreviewed
CVE-2021-22855 was published May 24, 2022
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code... Critical Unreviewed
CVE-2021-27335 was published May 24, 2022
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because... Critical Unreviewed
CVE-2021-27213 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2020-27868 was published May 24, 2022
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on... Critical Unreviewed
CVE-2022-29063 was published Sep 3, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to... Critical Unreviewed
CVE-2021-26914 was published May 24, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to... Critical Unreviewed
CVE-2021-26913 was published May 24, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to... Critical Unreviewed
CVE-2021-26915 was published May 24, 2022
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2020-4682 was published May 24, 2022
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote... Critical Unreviewed
CVE-2021-25294 was published May 24, 2022
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command... Critical Unreviewed
CVE-2020-24639 was published May 24, 2022
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to... Critical Unreviewed
CVE-2021-26912 was published May 24, 2022
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace... Critical Unreviewed
CVE-2021-25758 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API