GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,131
Erlang: 29
GitHub Actions: 19
Go: 1,936
Maven: 5,000+
npm: 3,676
NuGet: 642
pip: 3,292
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,141 advisories
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote...
Critical | Unreviewed | CVE-2021-21154 was published May 24, 2022
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to...
Critical | Unreviewed | CVE-2021-21151 was published May 24, 2022
Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a...
Critical | Unreviewed | CVE-2021-21155 was published May 24, 2022
Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote...
Critical | Unreviewed | CVE-2021-21150 was published May 24, 2022
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3...
Critical | Unreviewed | CVE-2021-3120 was published May 24, 2022
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access...
Critical | Unreviewed | CVE-2021-27228 was published May 24, 2022
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might...
Critical | Unreviewed | CVE-2021-27514 was published May 24, 2022
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding...
Critical | Unreviewed | CVE-2021-24115 was published May 24, 2022
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote...
Critical | Unreviewed | CVE-2020-21224 was published May 24, 2022
Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE...
Critical | Unreviewed | CVE-2020-11275 was published May 24, 2022
Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response...
Critical | Unreviewed | CVE-2020-11276 was published May 24, 2022
A buffer overflow can occur when playing an MKV clip due to lack of input validation in...
Critical | Unreviewed | CVE-2020-11283 was published May 24, 2022
Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be...
Critical | Unreviewed | CVE-2020-11272 was published May 24, 2022
Out of bound memory access while playing music playbacks with crafted vorbis content due to...
Critical | Unreviewed | CVE-2020-11170 was published May 24, 2022
Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation...
Critical | Unreviewed | CVE-2020-11163 was published May 24, 2022
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote...
Critical | Unreviewed | CVE-2021-3210 was published May 24, 2022
Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C...
Critical | Unreviewed | CVE-2021-20587 was published May 24, 2022
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA...
Critical | Unreviewed | CVE-2021-20588 was published May 24, 2022
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the...
Critical | Unreviewed | CVE-2021-26747 was published May 24, 2022
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters...
Critical | Unreviewed | CVE-2019-25024 was published May 24, 2022
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code...
Critical | Unreviewed | CVE-2021-27335 was published May 24, 2022
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary...
Critical | Unreviewed | CVE-2021-27329 was published May 24, 2022
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow...
Critical | Unreviewed | CVE-2021-27362 was published May 24, 2022
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in...
Critical | Unreviewed | CVE-2021-26809 was published May 24, 2022
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the...
Critical | Unreviewed | CVE-2021-25779 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.