Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,249
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23,013 advisories

Loading
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's... Critical Unreviewed
CVE-2021-26040 was published May 24, 2022
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06... Critical Unreviewed
CVE-2021-37538 was published May 24, 2022
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain... Critical Unreviewed
CVE-2021-38306 was published May 24, 2022
SM2 Decryption Buffer Overflow Critical
CVE-2021-3711 was published for openssl-src (Rust) May 24, 2022
another-rex
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 750m11ac wireless... Critical Unreviewed
CVE-2021-39509 was published May 24, 2022
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router via the HTTP... Critical Unreviewed
CVE-2021-39510 was published May 24, 2022
OpenStack Neutron vulnerable to hardware address impersonation Critical
CVE-2021-38598 was published for neutron (pip) May 24, 2022
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with... Critical Unreviewed
CVE-2021-39290 was published May 24, 2022
The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the... Critical Unreviewed
CVE-2021-24551 was published May 24, 2022
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a... Critical Unreviewed
CVE-2021-3694 was published May 24, 2022
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a... Critical Unreviewed
CVE-2021-3693 was published May 24, 2022
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits... Critical Unreviewed
CVE-2021-38171 was published May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock... Critical Unreviewed
CVE-2021-21826 was published May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock... Critical Unreviewed
CVE-2021-21827 was published May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock... Critical Unreviewed
CVE-2021-21828 was published May 24, 2022
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by... Critical Unreviewed
CVE-2020-18879 was published May 24, 2022
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This... Critical Unreviewed
CVE-2020-25359 was published May 24, 2022
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists... Critical Unreviewed
CVE-2021-31226 was published May 24, 2022
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below,... Critical Unreviewed
CVE-2021-32588 was published May 24, 2022
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers ... Critical Unreviewed
CVE-2020-35685 was published May 24, 2022
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during... Critical Unreviewed
CVE-2021-39274 was published May 24, 2022
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php ... Critical Unreviewed
CVE-2021-39302 was published May 24, 2022
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation. Critical Unreviewed
CVE-2021-37597 was published May 24, 2022
SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2021-37358 was published May 24, 2022
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact... Critical Unreviewed
CVE-2020-25928 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database