Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,355 advisories

Loading
Use After Free in node.js Critical Unreviewed
CVE-2021-22930 was published Oct 8, 2021
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. Critical Unreviewed
CVE-2021-32234 was published Nov 17, 2021
Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target... Critical Unreviewed
CVE-2021-42114 was published Nov 17, 2021
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000,... Critical Unreviewed
CVE-2021-41435 was published Nov 20, 2021
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP... Critical Unreviewed
CVE-2021-37592 was published Nov 20, 2021
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass... Critical Unreviewed
CVE-2021-36320 was published Nov 21, 2021
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a... Critical Unreviewed
CVE-2021-44143 was published Nov 23, 2021
Using the parameter of getPFXFolderList function, attackers can see the information of... Critical Unreviewed
CVE-2020-7882 was published Nov 23, 2021
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to... Critical Unreviewed
CVE-2021-42785 was published Nov 24, 2021
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR... Critical Unreviewed
CVE-2021-42783 was published Nov 24, 2021
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker... Critical Unreviewed
CVE-2021-38002 was published Nov 24, 2021
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A... Critical Unreviewed
CVE-2021-36312 was published Nov 24, 2021
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... Critical Unreviewed
CVE-2021-37022 was published Nov 24, 2021
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is... Critical Unreviewed
CVE-2021-36916 was published Nov 25, 2021
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability... Critical Unreviewed
CVE-2021-22049 was published Nov 25, 2021
Gin-Vue-Admin before 2.4.6 mishandles a SQL database. Critical Unreviewed
CVE-2021-44219 was published Nov 26, 2021
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows... Critical Unreviewed
CVE-2021-26611 was published Nov 27, 2021
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited,... Critical Unreviewed
CVE-2021-38685 was published Nov 27, 2021
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file... Critical Unreviewed
CVE-2021-43691 was published Nov 30, 2021
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not... Critical Unreviewed
CVE-2021-24915 was published Nov 30, 2021
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. Critical Unreviewed
CVE-2021-43693 was published Nov 30, 2021
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and... Critical Unreviewed
CVE-2021-44077 was published Nov 30, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration... Critical Unreviewed
CVE-2021-36330 was published Dec 1, 2021
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection... Critical Unreviewed
CVE-2021-43319 was published Dec 1, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Critical Unreviewed
CVE-2021-42099 was published Dec 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database