GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,992
Erlang: 39
GitHub Actions: 38
Go: 2,634
Maven: 5,000+
npm: 4,258
NuGet: 760
pip: 4,051
Pub: 12
RubyGems: 955
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
300,859 advisories
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of...
High, Unreviewed: CVE-2021-21841 was published May 24, 2022
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows...
High, Unreviewed: CVE-2020-19822 was published May 24, 2022
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute...
High, Unreviewed: CVE-2021-39259 was published May 24, 2022
The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes...
High, Unreviewed: CVE-2021-24555 was published May 24, 2022
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big...
Moderate, Unreviewed: CVE-2021-30673 was published May 24, 2022
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability...
High, Unreviewed: CVE-2021-20118 was published May 24, 2022
The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving...
Moderate, Unreviewed: CVE-2021-24431 was published May 24, 2022
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft...
Critical, Unreviewed: CVE-2021-26608 was published May 24, 2022
Due to improper input sanitization, an authenticated user with certain specific privileges can...
High, Unreviewed: CVE-2021-38176 was published May 24, 2022
Code injection via SVG file in convert-svg-core
High: CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist...
High, Unreviewed: CVE-2022-29093 was published Jun 11, 2022
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.
Moderate, Unreviewed: CVE-2022-32195 was published Jun 10, 2022
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an...
High, Unreviewed: CVE-2022-27502 was published Jun 11, 2022
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name...
High, Unreviewed: CVE-2022-24241 was published Jun 3, 2022
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the...
Moderate, Unreviewed: CVE-2021-42200 was published Jun 3, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2...
Moderate, Unreviewed: CVE-2021-36890 was published Jun 3, 2022
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is...
Moderate, Unreviewed: CVE-2022-26971 was published Jun 3, 2022
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0...
Critical, Unreviewed: CVE-2022-31788 was published Jun 11, 2022
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in...
Moderate, Unreviewed: CVE-2022-32978 was published Jun 11, 2022
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
High, Unreviewed: CVE-2022-31496 was published Jun 10, 2022
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php.
Critical, Unreviewed: CVE-2021-41754 was published Jun 11, 2022
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core...
Moderate, Unreviewed: CVE-2022-31285 was published Jun 11, 2022
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3...
Moderate, Unreviewed: CVE-2020-15939 was published May 24, 2022
Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote...
Moderate, Unreviewed: CVE-2008-6173 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows...
Moderate, Unreviewed: CVE-2008-6130 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.