GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,634
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 867
Rust: 819
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
23,013 advisories
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's...
Critical, Unreviewed: CVE-2021-26040 was published May 24, 2022

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06...
Critical, Unreviewed: CVE-2021-37538 was published May 24, 2022

Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain...
Critical, Unreviewed: CVE-2021-38306 was published May 24, 2022

SM2 Decryption Buffer Overflow
Critical: CVE-2021-3711 was published for openssl-src (Rust) May 24, 2022

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 750m11ac wireless...
Critical, Unreviewed: CVE-2021-39509 was published May 24, 2022

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router via the HTTP...
Critical, Unreviewed: CVE-2021-39510 was published May 24, 2022

OpenStack Neutron vulnerable to hardware address impersonation
Critical: CVE-2021-38598 was published for neutron (pip) May 24, 2022

Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with...
Critical, Unreviewed: CVE-2021-39290 was published May 24, 2022

The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the...
Critical, Unreviewed: CVE-2021-24551 was published May 24, 2022

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a...
Critical, Unreviewed: CVE-2021-3694 was published May 24, 2022

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a...
Critical, Unreviewed: CVE-2021-3693 was published May 24, 2022

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits...
Critical, Unreviewed: CVE-2021-38171 was published May 24, 2022

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock...
Critical, Unreviewed: CVE-2021-21826 was published May 24, 2022

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock...
Critical, Unreviewed: CVE-2021-21827 was published May 24, 2022

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock...
Critical, Unreviewed: CVE-2021-21828 was published May 24, 2022

Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by...
Critical, Unreviewed: CVE-2020-18879 was published May 24, 2022

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This...
Critical, Unreviewed: CVE-2020-25359 was published May 24, 2022

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists...
Critical, Unreviewed: CVE-2021-31226 was published May 24, 2022

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below,...
Critical, Unreviewed: CVE-2021-32588 was published May 24, 2022

An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers ...
Critical, Unreviewed: CVE-2020-35685 was published May 24, 2022

In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during...
Critical, Unreviewed: CVE-2021-39274 was published May 24, 2022

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php ...
Critical, Unreviewed: CVE-2021-39302 was published May 24, 2022

WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.
Critical, Unreviewed: CVE-2021-37597 was published May 24, 2022

SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code...
Critical, Unreviewed: CVE-2021-37358 was published May 24, 2022

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact...
Critical, Unreviewed: CVE-2020-25928 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.