GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
237,282 advisories
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier...
Critical | Unreviewed | CVE-2021-20790 was published May 24, 2022

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09,...
Critical | Unreviewed | CVE-2021-40684 was published May 24, 2022

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service...
High | Unreviewed | CVE-2021-22008 was published May 24, 2022

The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4...
High | Unreviewed | CVE-2021-34415 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
High | Unreviewed | CVE-2021-40104 was published May 24, 2022

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff...
High | Unreviewed | CVE-2020-35524 was published May 24, 2022

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows...
High | Unreviewed | CVE-2020-24994 was published May 24, 2022

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier)...
High | Unreviewed | CVE-2021-21059 was published May 24, 2022

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots...
High | Unreviewed | CVE-2021-35197 was published May 24, 2022

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept...
Moderate | Unreviewed | CVE-2021-36382 was published May 24, 2022

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts...
High | Unreviewed | CVE-2021-0603 was published May 24, 2022

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to...
High | Unreviewed | CVE-2021-0594 was published May 24, 2022

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest...
High | Unreviewed | CVE-2021-0602 was published May 24, 2022

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to...
Moderate | Unreviewed | CVE-2021-22233 was published May 24, 2022

A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager...
Moderate | Unreviewed | CVE-2021-29152 was published May 24, 2022

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery...
Critical | Unreviewed | CVE-2021-41393 was published May 24, 2022

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing....
Moderate | Unreviewed | CVE-2021-21992 was published May 24, 2022

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive...
High | Unreviewed | CVE-2021-40875 was published May 24, 2022

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously...
High | Unreviewed | CVE-2021-40862 was published May 24, 2022

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and...
Moderate | Unreviewed | CVE-2017-0060 was published May 17, 2022

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...
High | Unreviewed | CVE-2017-0103 was published May 17, 2022

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT...
Moderate | Unreviewed | CVE-2016-5268 was published May 17, 2022

Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote...
High | Unreviewed | CVE-2008-6987 was published May 17, 2022

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary...
High | Unreviewed | CVE-2008-6937 was published May 17, 2022

Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5...
Moderate | Unreviewed | CVE-2008-6945 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.