GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,106 advisories
Buffer over-read can happen while parsing received SDP values due to lack of NULL termination...
Critical | Unreviewed | CVE-2020-11188 was published May 24, 2022

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework...
Critical | Unreviewed | CVE-2021-26987 was published May 24, 2022

The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication,...
Critical | Unreviewed | CVE-2020-28899 was published May 24, 2022

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote...
Critical | Unreviewed | CVE-2020-24264 was published May 24, 2022

ShopXO RCE Vulnerability
Critical | CVE-2021-27817 was published for shopxo/shopxo (Composer) May 24, 2022

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On...
Critical | Unreviewed | CVE-2020-35358 was published May 24, 2022

myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary...
Critical | Unreviewed | CVE-2020-28149 was published May 24, 2022

A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to...
Critical | Unreviewed | CVE-2020-24877 was published May 24, 2022

Fix a use-after-free bug in diesels Sqlite backend
Critical | CVE-2021-28305 was published for diesel (Rust) May 24, 2022

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM)...
Critical | Unreviewed | CVE-2021-27646 was published May 24, 2022

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM...
Critical | Unreviewed | CVE-2021-27647 was published May 24, 2022

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead...
Critical | Unreviewed | CVE-2021-20231 was published May 24, 2022

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext...
Critical | Unreviewed | CVE-2021-20232 was published May 24, 2022

** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access....
Critical | Unreviewed | CVE-2021-28154 was published May 24, 2022

Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC...
Critical | Unreviewed | CVE-2021-28134 was published May 24, 2022

LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution...
Critical | Unreviewed | CVE-2021-28132 was published May 24, 2022

An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows...
Critical | Unreviewed | CVE-2021-28141 was published May 24, 2022

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26895 was published May 24, 2022

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26893 was published May 24, 2022

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26897 was published May 24, 2022

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26894 was published May 24, 2022

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26893,...
Critical | Unreviewed | CVE-2021-26877 was published May 24, 2022

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability...
Critical | Unreviewed | CVE-2021-22714 was published May 24, 2022

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of...
Critical | Unreviewed | CVE-2020-1900 was published May 24, 2022

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute...
Critical | Unreviewed | CVE-2020-29045 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.