GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,322
Composer 4,131
Erlang 29
GitHub Actions 19
Go 1,936
Maven 5,131
npm 3,676
NuGet 642
pip 3,292
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,502

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,141 advisories

Filter by severity

Sort by

Least recently updated

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote... Critical Unreviewed

CVE-2021-21154 was published May 24, 2022

Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to... Critical Unreviewed

CVE-2021-21151 was published May 24, 2022

Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a... Critical Unreviewed

CVE-2021-21155 was published May 24, 2022

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote... Critical Unreviewed

CVE-2021-21150 was published May 24, 2022

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3... Critical Unreviewed

CVE-2021-3120 was published May 24, 2022

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access... Critical Unreviewed

CVE-2021-27228 was published May 24, 2022

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might... Critical Unreviewed

CVE-2021-27514 was published May 24, 2022

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding... Critical Unreviewed

CVE-2021-24115 was published May 24, 2022

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote... Critical Unreviewed

CVE-2020-21224 was published May 24, 2022

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE... Critical Unreviewed

CVE-2020-11275 was published May 24, 2022

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response... Critical Unreviewed

CVE-2020-11276 was published May 24, 2022

A buffer overflow can occur when playing an MKV clip due to lack of input validation in... Critical Unreviewed

CVE-2020-11283 was published May 24, 2022

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be... Critical Unreviewed

CVE-2020-11272 was published May 24, 2022

Out of bound memory access while playing music playbacks with crafted vorbis content due to... Critical Unreviewed

CVE-2020-11170 was published May 24, 2022

Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation... Critical Unreviewed

CVE-2020-11163 was published May 24, 2022

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote... Critical Unreviewed

CVE-2021-3210 was published May 24, 2022

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C... Critical Unreviewed

CVE-2021-20587 was published May 24, 2022

Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA... Critical Unreviewed

CVE-2021-20588 was published May 24, 2022

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the... Critical Unreviewed

CVE-2021-26747 was published May 24, 2022

OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters... Critical Unreviewed

CVE-2019-25024 was published May 24, 2022

KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code... Critical Unreviewed

CVE-2021-27335 was published May 24, 2022

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary... Critical Unreviewed

CVE-2021-27329 was published May 24, 2022

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow... Critical Unreviewed

CVE-2021-27362 was published May 24, 2022

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in... Critical Unreviewed

CVE-2021-26809 was published May 24, 2022

Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the... Critical Unreviewed

CVE-2021-25779 was published May 24, 2022

Previous 1 2 … 396 397 398 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,141 advisories