GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
19,966 advisories
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA...
Critical, Unreviewed. CVE-2021-3160 was published May 24, 2022
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions...
Critical, Unreviewed. CVE-2020-25784 was published May 24, 2022
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions...
Critical, Unreviewed. CVE-2020-25785 was published May 24, 2022
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary...
Critical, Unreviewed. CVE-2020-4682 was published May 24, 2022
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions...
Critical, Unreviewed. CVE-2020-25783 was published May 24, 2022
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions...
Critical, Unreviewed. CVE-2020-25782 was published May 24, 2022
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation...
Critical, Unreviewed. CVE-2021-3325 was published May 24, 2022
condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the...
Critical, Unreviewed. CVE-2021-25311 was published May 24, 2022
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where...
Critical, Unreviewed. CVE-2020-23360 was published May 24, 2022
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for...
Critical, Unreviewed. CVE-2020-23361 was published May 24, 2022
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform...
Critical, Unreviewed. CVE-2021-3304 was published May 24, 2022
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because...
Critical, Unreviewed. CVE-2020-23359 was published May 24, 2022
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server...
Critical, Unreviewed. CVE-2021-3199 was published May 24, 2022
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when...
Critical, Unreviewed. CVE-2021-3185 was published May 24, 2022
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
Critical, Unreviewed. CVE-2021-3188 was published May 24, 2022
Local Service Search Engine Management System 1.0 has a vulnerability through authentication...
Critical, Unreviewed. CVE-2021-3278 was published May 24, 2022
Improper access and command validation in the Docker config wizard of Nagios XI before 5.8.0...
Critical, Unreviewed. CVE-2021-3193 was published May 24, 2022
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is...
Critical, Unreviewed. CVE-2021-3286 was published May 24, 2022
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server...
Critical, Unreviewed. CVE-2020-6779 was published May 24, 2022
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin...
Critical, Unreviewed. CVE-2020-35263 was published May 24, 2022
Student Result Management System In PHP With Source Code is affected by SQL injection. An...
Critical, Unreviewed. CVE-2020-35270 was published May 24, 2022
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the...
Critical, Unreviewed. CVE-2020-28998 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by...
Critical, Unreviewed. CVE-2020-27583 was published May 24, 2022
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to...
Critical, Unreviewed. CVE-2020-27299 was published May 24, 2022
Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater...
Critical, Unreviewed. CVE-2020-27539 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.