GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 1,998
Maven: 5,000+
npm: 3,710
NuGet: 661
pip: 3,364
Pub: 11
RubyGems: 885
Rust: 846
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,573 advisories
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread...
Critical
Unreviewed
CVE-2020-36329 was published May 24, 2022
A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function...
Critical
Unreviewed
CVE-2018-25014 was published May 24, 2022
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function...
Critical
Unreviewed
CVE-2018-25013 was published May 24, 2022
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer....
Critical
Unreviewed
CVE-2021-27459 was published May 24, 2022
KonaWiki2 versions prior to 2.2.4 allow a remote attacker to upload arbitrary files via...
Critical
Unreviewed
CVE-2021-20721 was published May 24, 2022
SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to...
Critical
Unreviewed
CVE-2021-20720 was published May 24, 2022
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of...
Critical
Unreviewed
CVE-2017-17674 was published May 24, 2022
In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary...
Critical
Unreviewed
CVE-2021-33204 was published May 24, 2022
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration...
Critical
Unreviewed
CVE-2020-36364 was published May 24, 2022
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when...
Critical
Unreviewed
CVE-2020-20951 was published May 24, 2022
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell...
Critical
Unreviewed
CVE-2021-32305 was published May 24, 2022
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary...
Critical
Unreviewed
CVE-2020-18178 was published May 24, 2022
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the ...
Critical
Unreviewed
CVE-2021-31316 was published May 24, 2022
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection...
Critical
Unreviewed
CVE-2021-31324 was published May 24, 2022
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01...
Critical
Unreviewed
CVE-2021-27734 was published May 24, 2022
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data...
Critical
Unreviewed
CVE-2020-4670 was published May 24, 2022
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented...
Critical
Unreviewed
CVE-2020-4669 was published May 24, 2022
The Goto WordPress theme before 2.1 did not sanitise, validate or escape the keywords GET...
Critical
Unreviewed
CVE-2021-24314 was published May 24, 2022
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01...
Critical
Unreviewed
CVE-2021-22668 was published May 24, 2022
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
Critical
Unreviewed
CVE-2021-32615 was published May 24, 2022
The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin...
Critical
Unreviewed
CVE-2021-24285 was published May 24, 2022
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file...
Critical
Unreviewed
CVE-2021-24284 was published May 24, 2022
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by...
Critical
Unreviewed
CVE-2020-18166 was published May 24, 2022
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php.
Critical
Unreviewed
CVE-2020-23691 was published May 24, 2022
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4...
Critical
Unreviewed
CVE-2021-3402 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.