Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

948 advisories

Loading
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could... High Unreviewed
CVE-2021-44094 was published Nov 29, 2021
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s... High Unreviewed
CVE-2021-42123 was published Dec 1, 2021
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute... High Unreviewed
CVE-2020-29176 was published Dec 4, 2021
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42125 was published Dec 8, 2021
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report... High Unreviewed
CVE-2021-21957 was published Dec 9, 2021
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The... High Unreviewed
CVE-2021-36719 was published Dec 9, 2021
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior... High Unreviewed
CVE-2021-27860 was published Dec 9, 2021
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading... High Unreviewed
CVE-2021-27984 was published Dec 11, 2021
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An... High Unreviewed
CVE-2021-41870 was published Dec 16, 2021
The "Log alert to a file" action within action management enables any Orion Platform user with... High Unreviewed
CVE-2021-35244 was published Dec 21, 2021
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management... High Unreviewed
CVE-2021-46079 was published Jan 7, 2022
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker... High Unreviewed
CVE-2021-46076 was published Jan 7, 2022
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows... High Unreviewed
CVE-2021-43973 was published Jan 12, 2022
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the... High Unreviewed
CVE-2021-44651 was published Jan 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2021-34997 was published Jan 14, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2021-34995 was published Jan 14, 2022
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by... High Unreviewed
CVE-2021-33828 was published Jan 16, 2022
Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code. High Unreviewed
CVE-2021-41550 was published Jan 19, 2022
jpress v4.2.0 allows users to register an account by default. With the account, user can upload... High Unreviewed
CVE-2021-45808 was published Jan 20, 2022
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution... High Unreviewed
CVE-2021-46113 was published Jan 26, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController... High Unreviewed
CVE-2021-46116 was published Jan 27, 2022
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The... High Unreviewed
CVE-2021-46115 was published Jan 27, 2022
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,... High Unreviewed
CVE-2021-44123 was published Jan 27, 2022
Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php... High Unreviewed
CVE-2021-46097 was published Jan 28, 2022
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)... High Unreviewed
CVE-2021-37194 was published Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database