GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,343
Erlang: 31
GitHub Actions: 22
Go: 2,107
Maven: 5,000+
npm: 3,764
NuGet: 679
pip: 3,452
Pub: 12
RubyGems: 892
Rust: 886
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
21,282 advisories
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
Critical, Unreviewed. CVE-2021-36365 was published May 24, 2022.

Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
Critical, Unreviewed. CVE-2021-36364 was published May 24, 2022.

Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
Critical, Unreviewed. CVE-2021-36363 was published May 24, 2022.

Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
Critical, Unreviewed. CVE-2021-36366 was published May 24, 2022.

A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360.
Critical, Unreviewed. CVE-2021-38303 was published May 24, 2022.

A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical, Unreviewed. CVE-2021-34351 was published May 24, 2022.

A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical, Unreviewed. CVE-2021-34348 was published May 24, 2022.

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external...
Critical, Unreviewed. CVE-2021-40098 was published May 24, 2022.

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate...
Critical, Unreviewed. CVE-2021-33907 was published May 24, 2022.

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can...
Critical, Unreviewed. CVE-2021-22272 was published May 24, 2022.

An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a...
Critical, Unreviewed. CVE-2021-36219 was published May 24, 2022.

The network address administrative settings web portal for the Zoom on-premise Meeting Connector...
Critical, Unreviewed. CVE-2021-34416 was published May 24, 2022.

Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to...
Critical, Unreviewed. CVE-2021-37539 was published May 24, 2022.

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations'...
Critical, Unreviewed. CVE-2021-24666 was published May 24, 2022.

Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0...
Critical, Unreviewed. CVE-2021-36880 was published May 24, 2022.

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0...
Critical, Unreviewed. CVE-2021-36879 was published May 24, 2022.

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload...
Critical, Unreviewed. CVE-2021-37761 was published May 24, 2022.

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of...
Critical, Unreviewed. CVE-2021-40329 was published May 24, 2022.

The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via...
Critical, Unreviewed. CVE-2021-41558 was published May 24, 2022.

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5...
Critical, Unreviewed. CVE-2021-37270 was published May 24, 2022.

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to...
Critical, Unreviewed. CVE-2021-20034 was published May 24, 2022.

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to...
Critical, Unreviewed. CVE-2021-22869 was published May 24, 2022.

An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR...
Critical, Unreviewed. CVE-2021-40102 was published May 24, 2022.

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS...
Critical, Unreviewed. CVE-2021-1619 was published May 24, 2022.

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an...
Critical, Unreviewed. CVE-2021-34727 was published May 24, 2022.
ProTip! Advisories are also available from the GraphQL API.