GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
23,712 advisories
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s...
Critical | Unreviewed | CVE-2021-25985 was published May 24, 2022
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of...
Critical | Unreviewed | CVE-2021-27410 was published May 24, 2022
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image,...
Critical | Unreviewed | CVE-2021-41299 was published May 24, 2022
A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor:...
Critical | Unreviewed | CVE-2021-21825 was published May 24, 2022
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical | Unreviewed | CVE-2020-27235 was published May 24, 2022
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff...
Critical | Unreviewed | CVE-2020-14315 was published May 24, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
Critical | Unreviewed | CVE-2020-5648 was published May 24, 2022
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of...
Critical | Unreviewed | CVE-2021-21811 was published May 24, 2022
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical | Unreviewed | CVE-2020-27234 was published May 24, 2022
An internal security review has identified an unauthenticated remote code execution vulnerability...
Critical | Unreviewed | CVE-2020-8349 was published May 24, 2022
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the...
Critical | Unreviewed | CVE-2020-25566 was published May 24, 2022
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical | Unreviewed | CVE-2020-27239 was published May 24, 2022
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical | Unreviewed | CVE-2020-27237 was published May 24, 2022
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model...
Critical | Unreviewed | CVE-2020-5647 was published May 24, 2022
A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T...
Critical | Unreviewed | CVE-2021-21810 was published May 24, 2022
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical | Unreviewed | CVE-2020-27233 was published May 24, 2022
The manage users profile services of the network camera device allows an authenticated. Remote...
Critical | Unreviewed | CVE-2021-30167 was published May 24, 2022
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug...
Critical | Unreviewed | CVE-2021-24527 was published May 24, 2022
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT...
Critical | Unreviewed | CVE-2020-5644 was published May 24, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists...
Critical | Unreviewed | CVE-2021-26084 was published May 24, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain...
Critical | Unreviewed | CVE-2021-28171 was published May 24, 2022
WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote...
Critical | Unreviewed | CVE-2021-37909 was published May 24, 2022
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC)...
Critical | Unreviewed | CVE-2021-31884 was published May 24, 2022
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire...
Critical | Unreviewed | CVE-2020-25565 was published May 24, 2022
Improper Certificate Validation in Apache Netbeans
Critical | CVE-2019-17560 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API