GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,985
Erlang: 29
GitHub Actions: 16
Go: 1,774
Maven: 5,000
npm: 3,541
NuGet: 617
pip: 3,123
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
87,692 advisories
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and...
High, Unreviewed. CVE-2021-24860 was published Nov 30, 2021.

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields...
High, Unreviewed. CVE-2021-24889 was published Nov 30, 2021.

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the...
High, Unreviewed. CVE-2021-24748 was published Nov 30, 2021.

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download...
High, Unreviewed. CVE-2021-38147 was published Nov 30, 2021.

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application...
High, Unreviewed. CVE-2021-38283 was published Nov 30, 2021.

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any...
High, Unreviewed. CVE-2019-8922 was published Nov 30, 2021.

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before...
High, Unreviewed. CVE-2021-24755 was published Nov 30, 2021.

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A...
High, Unreviewed. CVE-2021-36328 was published Dec 1, 2021.

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to...
High, Unreviewed. CVE-2021-40101 was published Dec 1, 2021.

An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets...
High, Unreviewed. CVE-2021-43284 was published Dec 1, 2021.

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
High, Unreviewed. CVE-2021-43296 was published Dec 1, 2021.

An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection...
High, Unreviewed. CVE-2021-43283 was published Dec 1, 2021.

The vulnerability was discovered in ActiveX module related to NeoRS remote support program. This...
High, Unreviewed. CVE-2020-7880 was published Dec 1, 2021.

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s...
High, Unreviewed. CVE-2021-42123 was published Dec 1, 2021.

Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control...
High, Unreviewed. CVE-2021-43771 was published Dec 1, 2021.

Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read ...
High, Unreviewed. CVE-2021-44428 was published Dec 1, 2021.

Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read ...
High, Unreviewed. CVE-2021-44429 was published Dec 1, 2021.

Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the...
High, Unreviewed. CVE-2021-3725 was published Dec 1, 2021.

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel...
High, Unreviewed. CVE-2021-43137 was published Dec 2, 2021.

CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
High, Unreviewed. CVE-2021-42776 was published Dec 2, 2021.

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number...
High, Unreviewed. CVE-2021-41039 was published Dec 2, 2021.

Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01...
High, Unreviewed. CVE-2021-20610 was published Dec 2, 2021.

Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware...
High, Unreviewed. CVE-2021-20609 was published Dec 2, 2021.

Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24"...
High, Unreviewed. CVE-2021-20611 was published Dec 2, 2021.

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow...
High, Unreviewed. CVE-2021-20400 was published Dec 2, 2021.

ProTip! Advisories are also available from the GraphQL API.