GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,...
Moderate
Unreviewed
CVE-2021-20843
was published
May 24, 2022
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included...
High
Unreviewed
CVE-2021-41569
was published
May 24, 2022
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and...
Critical
Unreviewed
CVE-2020-16152
was published
May 24, 2022
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the...
High
Unreviewed
CVE-2021-33626
was published
May 24, 2022
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the...
High
Unreviewed
CVE-2021-38360
was published
May 24, 2022
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared...
High
Unreviewed
CVE-2021-34398
was published
May 24, 2022
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of...
Critical
Unreviewed
CVE-2021-21804
was published
May 24, 2022
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged...
High
Unreviewed
CVE-2021-34692
was published
May 24, 2022
Local file inclusion exists in Kaseya VSA before 9.5.6.
High
Unreviewed
CVE-2021-30121
was published
May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
Moderate
Unreviewed
CVE-2021-29777
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate
Unreviewed
CVE-2021-31927
was published
May 24, 2022
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212...
High
Unreviewed
CVE-2021-30507
was published
May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in...
Critical
Unreviewed
CVE-2020-4561
was published
May 24, 2022
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library)...
High
Unreviewed
CVE-2021-20443
was published
May 24, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
High
CVE-2021-20187
was published
for
moodle/moodle
(Composer)
May 24, 2022
If an image had not loaded correctly (such as when it is not actually an image), it could be...
Moderate
Unreviewed
CVE-2019-17014
was published
May 24, 2022
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace...
Moderate
Unreviewed
CVE-2019-16951
was published
May 24, 2022
A same-origin policy violation occurs allowing the theft of cross-origin images through a...
Moderate
Unreviewed
CVE-2019-11742
was published
May 24, 2022
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access...
Moderate
Unreviewed
CVE-2019-4263
was published
May 24, 2022
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
High
CVE-2019-10248
was published
for
org.eclipse.vorto:org.eclipse.vorto.core
(Maven)
May 24, 2022
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
High
Unreviewed
CVE-2018-18387
was published
May 13, 2022
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated...
Critical
Unreviewed
CVE-2018-15486
was published
May 13, 2022
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance ->...
High
Unreviewed
CVE-2018-1000502
was published
May 13, 2022
Drupal Remote code execution
High
CVE-2017-6381
was published
for
drupal/core
(Composer)
May 13, 2022
The cache directory on the local file system is set to be world writable. Firefox defaults to...
Critical
Unreviewed
CVE-2017-5397
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API