GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote...
Critical | Unreviewed | CVE-2021-29996 was published May 24, 2022
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
Critical | Unreviewed | CVE-2020-21585 was published May 24, 2022
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service...
Critical | Unreviewed | CVE-2021-20078 was published May 24, 2022
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045...
Critical | Unreviewed | CVE-2021-28670 was published May 24, 2022
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use...
Critical | Unreviewed | CVE-2021-26295 was published May 24, 2022
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character...
Critical | Unreviewed | CVE-2020-1917 was published May 24, 2022
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding...
Critical | Unreviewed | CVE-2021-24115 was published May 24, 2022
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.
Critical | Unreviewed | CVE-2021-3346 was published May 24, 2022
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server...
Critical | Unreviewed | CVE-2021-3199 was published May 24, 2022
In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-based buffer overflow when...
Critical | Unreviewed | CVE-2020-27221 was published May 24, 2022
The default setting of MISP 2.4.136 did not enable the requirements (aka...
Critical | Unreviewed | CVE-2021-25323 was published May 24, 2022
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the...
Critical | Unreviewed | CVE-2020-35851 was published May 24, 2022
An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression...
Critical | Unreviewed | CVE-2020-24338 was published May 24, 2022
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload...
Critical | Unreviewed | CVE-2020-24202 was published May 24, 2022
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path...
Critical | Unreviewed | CVE-2020-7376 was published May 24, 2022
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16,...
Critical | Unreviewed | CVE-2020-10731 was published May 24, 2022
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY...
Critical | Unreviewed | CVE-2020-16165 was published May 24, 2022
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has...
Critical | Unreviewed | CVE-2020-16088 was published May 24, 2022
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative...
Critical | Unreviewed | CVE-2020-15921 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config...
Critical | Unreviewed | CVE-2020-15324 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager...
Critical | Unreviewed | CVE-2020-15348 was published May 24, 2022
A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine)...
Critical | Unreviewed | CVE-2020-15007 was published May 24, 2022
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This...
Critical | Unreviewed | CVE-2020-10276 was published May 24, 2022
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated...
Critical | Unreviewed | CVE-2020-3258 was published May 24, 2022
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated...
Critical | Unreviewed | CVE-2020-3198 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.