GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
704 advisories
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.
Critical | Unreviewed | CVE-2020-21784 was published May 24, 2022

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php)...
Critical | Unreviewed | CVE-2021-24376 was published May 24, 2022

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4...
Critical | Unreviewed | CVE-2020-25414 was published May 24, 2022

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through...
Critical | Unreviewed | CVE-2020-10666 was published May 24, 2022

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the...
Critical | Unreviewed | CVE-2021-30461 was published May 24, 2022

Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40...
Critical | Unreviewed | CVE-2021-22519 was published May 24, 2022

An arbitrary code execution vulnerability exists in Micro Focus Application Performance...
Critical | Unreviewed | CVE-2021-22514 was published May 24, 2022

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab...
Critical | Unreviewed | CVE-2021-22205 was published May 24, 2022

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain...
Critical | Unreviewed | CVE-2021-27602 was published May 24, 2022

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval...
Critical | Unreviewed | CVE-2021-23277 was published May 24, 2022

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code...
Critical | Unreviewed | CVE-2021-23281 was published May 24, 2022

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request...
Critical | Unreviewed | CVE-2021-26810 was published May 24, 2022

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26893,...
Critical | Unreviewed | CVE-2021-26877 was published May 24, 2022

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by...
Critical | Unreviewed | CVE-2019-25022 was published May 24, 2022

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows...
Critical | Unreviewed | CVE-2021-27236 was published May 24, 2022

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the...
Critical | Unreviewed | CVE-2021-26753 was published May 24, 2022

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required...
Critical | Unreviewed | CVE-2021-21477 was published May 24, 2022

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product,...
Critical | Unreviewed | CVE-2021-22502 was published May 24, 2022

Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with...
Critical | Unreviewed | CVE-2021-20623 was published May 24, 2022

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible,...
Critical | Unreviewed | CVE-2021-25770 was published May 24, 2022

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code...
Critical | Unreviewed | CVE-2020-35458 was published May 24, 2022

Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow...
Critical | Unreviewed | CVE-2020-8584 was published May 24, 2022

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command...
Critical | Unreviewed | CVE-2020-35131 was published May 24, 2022

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.
Critical | Unreviewed | CVE-2020-11103 was published May 24, 2022

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE...
Critical | Unreviewed | CVE-2020-17142 was published May 24, 2022

Advisories are also available from the GraphQL API.