GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
952 advisories
Filter by severity
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could...
High
Unreviewed
CVE-2021-44094
was published
Nov 29, 2021
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s...
High
Unreviewed
CVE-2021-42123
was published
Dec 1, 2021
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute...
High
Unreviewed
CVE-2020-29176
was published
Dec 4, 2021
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High
Unreviewed
CVE-2021-42125
was published
Dec 8, 2021
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report...
High
Unreviewed
CVE-2021-21957
was published
Dec 9, 2021
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The...
High
Unreviewed
CVE-2021-36719
was published
Dec 9, 2021
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior...
High
Unreviewed
CVE-2021-27860
was published
Dec 9, 2021
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading...
High
Unreviewed
CVE-2021-27984
was published
Dec 11, 2021
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An...
High
Unreviewed
CVE-2021-41870
was published
Dec 16, 2021
The "Log alert to a file" action within action management enables any Orion Platform user with...
High
Unreviewed
CVE-2021-35244
was published
Dec 21, 2021
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management...
High
Unreviewed
CVE-2021-46079
was published
Jan 7, 2022
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker...
High
Unreviewed
CVE-2021-46076
was published
Jan 7, 2022
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows...
High
Unreviewed
CVE-2021-43973
was published
Jan 12, 2022
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the...
High
Unreviewed
CVE-2021-44651
was published
Jan 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2021-34997
was published
Jan 14, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2021-34995
was published
Jan 14, 2022
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by...
High
Unreviewed
CVE-2021-33828
was published
Jan 16, 2022
Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.
High
Unreviewed
CVE-2021-41550
was published
Jan 19, 2022
jpress v4.2.0 allows users to register an account by default. With the account, user can upload...
High
Unreviewed
CVE-2021-45808
was published
Jan 20, 2022
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution...
High
Unreviewed
CVE-2021-46113
was published
Jan 26, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController...
High
Unreviewed
CVE-2021-46116
was published
Jan 27, 2022
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The...
High
Unreviewed
CVE-2021-46115
was published
Jan 27, 2022
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability,...
High
Unreviewed
CVE-2021-44123
was published
Jan 27, 2022
Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php...
High
Unreviewed
CVE-2021-46097
was published
Jan 28, 2022
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used)...
High
Unreviewed
CVE-2021-37194
was published
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API