GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,096
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,654
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,047 advisories
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php...
Critical | Unreviewed | CVE-2020-26051 was published May 24, 2022
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through...
Critical | Unreviewed | CVE-2020-16629 was published May 24, 2022
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a...
Critical | Unreviewed | CVE-2021-3122 was published May 24, 2022
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with...
Critical | Unreviewed | CVE-2021-20623 was published May 24, 2022
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a...
Critical | Unreviewed | CVE-2020-18717 was published May 24, 2022
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering...
Critical | Unreviewed | CVE-2020-18716 was published May 24, 2022
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort()...
Critical | Unreviewed | CVE-2020-10539 was published May 24, 2022
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted...
Critical | Unreviewed | CVE-2020-10857 was published May 24, 2022
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering...
Critical | Unreviewed | CVE-2020-18714 was published May 24, 2022
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering...
Critical | Unreviewed | CVE-2020-18713 was published May 24, 2022
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another...
Critical | Unreviewed | CVE-2021-3401 was published May 24, 2022
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric...
Critical | Unreviewed | CVE-2021-26688 was published May 24, 2022
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In...
Critical | Unreviewed | CVE-2021-26687 was published May 24, 2022
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The...
Critical | Unreviewed | CVE-2021-26689 was published May 24, 2022
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote...
Critical | Unreviewed | CVE-2021-20016 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1295 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1293 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1292 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1294 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1291 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1290 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160,...
Critical | Unreviewed | CVE-2021-1289 was published May 24, 2022
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that...
Critical | Unreviewed | CVE-2020-14245 was published May 24, 2022
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message...
Critical | Unreviewed | CVE-2021-25274 was published May 24, 2022
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible,...
Critical | Unreviewed | CVE-2021-25770 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.