GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,134
Erlang: 29
GitHub Actions: 19
Go: 1,941
Maven: 5,000+
npm: 3,681
NuGet: 650
pip: 3,298
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,229 advisories
Buffer over-read can happen while parsing received SDP values due to lack of NULL termination...
Critical | Unreviewed | CVE-2020-11188 was published May 24, 2022
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework...
Critical | Unreviewed | CVE-2021-26987 was published May 24, 2022
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication,...
Critical | Unreviewed | CVE-2020-28899 was published May 24, 2022
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote...
Critical | Unreviewed | CVE-2020-24264 was published May 24, 2022
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On...
Critical | Unreviewed | CVE-2020-35358 was published May 24, 2022
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary...
Critical | Unreviewed | CVE-2020-28149 was published May 24, 2022
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to...
Critical | Unreviewed | CVE-2020-24877 was published May 24, 2022
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM)...
Critical | Unreviewed | CVE-2021-27646 was published May 24, 2022
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM...
Critical | Unreviewed | CVE-2021-27647 was published May 24, 2022
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead...
Critical | Unreviewed | CVE-2021-20231 was published May 24, 2022
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext...
Critical | Unreviewed | CVE-2021-20232 was published May 24, 2022
** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access....
Critical | Unreviewed | CVE-2021-28154 was published May 24, 2022
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows...
Critical | Unreviewed | CVE-2021-28141 was published May 24, 2022
LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution...
Critical | Unreviewed | CVE-2021-28132 was published May 24, 2022
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC...
Critical | Unreviewed | CVE-2021-28134 was published May 24, 2022
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26893 was published May 24, 2022
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26897 was published May 24, 2022
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26895 was published May 24, 2022
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877,...
Critical | Unreviewed | CVE-2021-26894 was published May 24, 2022
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26893,...
Critical | Unreviewed | CVE-2021-26877 was published May 24, 2022
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability...
Critical | Unreviewed | CVE-2021-22714 was published May 24, 2022
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute...
Critical | Unreviewed | CVE-2020-29045 was published May 24, 2022
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of...
Critical | Unreviewed | CVE-2020-1900 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name()...
Critical | Unreviewed | CVE-2016-20009 was published May 24, 2022
Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker...
Critical | Unreviewed | CVE-2021-28119 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.