GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,343
Erlang: 31
GitHub Actions: 22
Go: 2,107
Maven: 5,000+
npm: 3,764
NuGet: 679
pip: 3,452
Pub: 12
RubyGems: 892
Rust: 886
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
21,282 advisories
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which...
Critical, Unreviewed. CVE-2021-37928 was published May 24, 2022
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which...
Critical, Unreviewed. CVE-2021-37926 was published May 24, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password...
Critical, Unreviewed. CVE-2021-3833 was published May 24, 2022
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which...
Critical, Unreviewed. CVE-2021-37931 was published May 24, 2022
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which...
Critical, Unreviewed. CVE-2021-37930 was published May 24, 2022
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An...
Critical, Unreviewed. CVE-2021-42013 was published May 24, 2022
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command...
Critical, Unreviewed. CVE-2021-42071 was published May 24, 2022
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
Critical, Unreviewed. CVE-2021-42094 was published May 24, 2022
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code...
Critical, Unreviewed. CVE-2021-42090 was published May 24, 2022
ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public...
Critical, Unreviewed. CVE-2020-21865 was published May 24, 2022
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
Critical, Unreviewed. CVE-2021-42091 was published May 24, 2022
An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and...
Critical, Unreviewed. CVE-2021-24019 was published May 24, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL...
Critical, Unreviewed. CVE-2021-29798 was published May 24, 2022
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL...
Critical, Unreviewed. CVE-2021-29903 was published May 24, 2022
The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a...
Critical, Unreviewed. CVE-2021-29908 was published May 24, 2022
IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to...
Critical, Unreviewed. CVE-2021-38923 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web...
Critical, Unreviewed. CVE-2021-41553 was published May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at...
Critical, Unreviewed. CVE-2021-37333 was published May 24, 2022
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an...
Critical, Unreviewed. CVE-2021-38823 was published May 24, 2022
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to...
Critical, Unreviewed. CVE-2021-35296 was published May 24, 2022
The username and password field of login in Lodging Reservation Management System V1 can give...
Critical, Unreviewed. CVE-2021-41511 was published May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
Critical, Unreviewed. CVE-2021-41592 was published May 24, 2022
Login with hash: The login routine allows the client to log in to the system not by using the...
Critical, Unreviewed. CVE-2021-23857 was published May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
Critical, Unreviewed. CVE-2021-41591 was published May 24, 2022
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
Critical, Unreviewed. CVE-2020-20797 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.