GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,224
Erlang: 31
GitHub Actions: 19
Go: 1,990
Maven: 5,000+
npm: 3,706
NuGet: 661
pip: 3,336
Pub: 11
RubyGems: 884
Rust: 845
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,510 advisories
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when...
Critical | Unreviewed | CVE-2021-20204 was published May 24, 2022
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
Critical | Unreviewed | CVE-2021-30473 was published May 24, 2022
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows...
Critical | Unreviewed | CVE-2021-32030 was published May 24, 2022
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a...
Critical | Unreviewed | CVE-2021-28152 was published May 24, 2022
Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which...
Critical | Unreviewed | CVE-2020-18890 was published May 24, 2022
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of...
Critical | Unreviewed | CVE-2021-31737 was published May 24, 2022
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a ...
Critical | Unreviewed | CVE-2021-32055 was published May 24, 2022
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also...
Critical | Unreviewed | CVE-2021-29203 was published May 24, 2022
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database,...
Critical | Unreviewed | CVE-2020-36333 was published May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker...
Critical | Unreviewed | CVE-2020-4979 was published May 24, 2022
EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a...
Critical | Unreviewed | CVE-2016-20010 was published May 24, 2022
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary...
Critical | Unreviewed | CVE-2020-23083 was published May 24, 2022
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during...
Critical | Unreviewed | CVE-2021-32020 was published May 24, 2022
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is an Authentication...
Critical | Unreviewed | CVE-2020-35758 was published May 24, 2022
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root...
Critical | Unreviewed | CVE-2020-35757 was published May 24, 2022
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX...
Critical | Unreviewed | CVE-2021-21507 was published May 24, 2022
An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in...
Critical | Unreviewed | CVE-2021-31873 was published May 24, 2022
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio...
Critical | Unreviewed | CVE-2021-31872 was published May 24, 2022
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result...
Critical | Unreviewed | CVE-2021-31870 was published May 24, 2022
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an...
Critical | Unreviewed | CVE-2020-24918 was published May 24, 2022
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands...
Critical | Unreviewed | CVE-2020-18070 was published May 24, 2022
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory...
Critical | Unreviewed | CVE-2021-28959 was published May 24, 2022
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with...
Critical | Unreviewed | CVE-2021-25812 was published May 24, 2022
An issue was discovered in vtiger crm 7.2. Union SQL injection in the calendar exportdata feature.
Critical | Unreviewed | CVE-2020-22807 was published May 24, 2022
The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote...
Critical | Unreviewed | CVE-2021-30234 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.