GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,992
Erlang: 39
GitHub Actions: 38
Go: 2,634
Maven: 5,000+
npm: 4,258
NuGet: 760
pip: 4,051
Pub: 12
RubyGems: 955
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
300,836 advisories
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0...
Moderate · Unreviewed · CVE-2021-20768 was published May 24, 2022

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may...
High · Unreviewed · CVE-2021-25654 was published May 24, 2022

In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c...
Moderate · Unreviewed · CVE-2020-18775 was published May 24, 2022

SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute...
High · Unreviewed · CVE-2008-6392 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00...
Moderate · Unreviewed · CVE-2008-6562 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote...
Moderate · Unreviewed · CVE-2008-6550 was published May 17, 2022

An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a...
Critical · Unreviewed · CVE-2020-18048 was published May 24, 2022

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access...
Moderate · Unreviewed · CVE-2021-24584 was published May 24, 2022

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image...
Moderate · Unreviewed · CVE-2021-24618 was published May 24, 2022

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows...
Moderate · Unreviewed · CVE-2021-25476 was published May 24, 2022

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the...
Critical · Unreviewed · CVE-2022-24240 was published Jun 3, 2022

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability...
Moderate · Unreviewed · CVE-2022-24238 was published Jun 3, 2022

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL...
High · Unreviewed · CVE-2021-24651 was published May 24, 2022

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when...
Moderate · Unreviewed · CVE-2021-24683 was published May 24, 2022

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is...
Moderate · Unreviewed · CVE-2022-26972 was published Jun 3, 2022

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto,...
Moderate · Unreviewed · CVE-2021-1929 was published May 24, 2022

In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an...
High · Unreviewed · CVE-2021-33289 was published May 24, 2022

A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
High · Unreviewed · CVE-2021-39262 was published May 24, 2022

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <...
High · Unreviewed · CVE-2021-39251 was published May 24, 2022

Tuxera NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the...
High · Unreviewed · CVE-2021-33287 was published May 24, 2022

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary...
Critical · Unreviewed · CVE-2020-24672 was published May 24, 2022

Child process can leak information from parent process due to numeric pids are getting compared...
Moderate · Unreviewed · CVE-2021-1904 was published May 24, 2022

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert...
Moderate · Unreviewed · CVE-2021-35219 was published May 24, 2022

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1...
Moderate · Unreviewed · CVE-2021-31798 was published May 24, 2022

This release addresses a potential information leakage vulnerability in NetIQ Access Manager...
Moderate · Unreviewed · CVE-2021-22525 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.