GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,610 advisories
Filter by severity
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
Critical
Unreviewed
CVE-2021-32234
was published
Nov 17, 2021
Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target...
Critical
Unreviewed
CVE-2021-42114
was published
Nov 17, 2021
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000,...
Critical
Unreviewed
CVE-2021-41435
was published
Nov 20, 2021
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP...
Critical
Unreviewed
CVE-2021-37592
was published
Nov 20, 2021
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass...
Critical
Unreviewed
CVE-2021-36320
was published
Nov 21, 2021
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a...
Critical
Unreviewed
CVE-2021-44143
was published
Nov 23, 2021
Using the parameter of getPFXFolderList function, attackers can see the information of...
Critical
Unreviewed
CVE-2020-7882
was published
Nov 23, 2021
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to...
Critical
Unreviewed
CVE-2021-42785
was published
Nov 24, 2021
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR...
Critical
Unreviewed
CVE-2021-42783
was published
Nov 24, 2021
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker...
Critical
Unreviewed
CVE-2021-38002
was published
Nov 24, 2021
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A...
Critical
Unreviewed
CVE-2021-36312
was published
Nov 24, 2021
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation...
Critical
Unreviewed
CVE-2021-37022
was published
Nov 24, 2021
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is...
Critical
Unreviewed
CVE-2021-36916
was published
Nov 25, 2021
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability...
Critical
Unreviewed
CVE-2021-22049
was published
Nov 25, 2021
Gin-Vue-Admin before 2.4.6 mishandles a SQL database.
Critical
Unreviewed
CVE-2021-44219
was published
Nov 26, 2021
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited,...
Critical
Unreviewed
CVE-2021-38685
was published
Nov 27, 2021
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows...
Critical
Unreviewed
CVE-2021-26611
was published
Nov 27, 2021
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file...
Critical
Unreviewed
CVE-2021-43691
was published
Nov 30, 2021
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not...
Critical
Unreviewed
CVE-2021-24915
was published
Nov 30, 2021
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
Critical
Unreviewed
CVE-2021-43693
was published
Nov 30, 2021
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and...
Critical
Unreviewed
CVE-2021-44077
was published
Nov 30, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration...
Critical
Unreviewed
CVE-2021-36330
was published
Dec 1, 2021
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection...
Critical
Unreviewed
CVE-2021-43319
was published
Dec 1, 2021
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
Critical
Unreviewed
CVE-2021-42099
was published
Dec 1, 2021
ProTip!
Advisories are also available from the
GraphQL API