Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,029 advisories

Loading
The "Log alert to a file" action within action management enables any Orion Platform user with... High Unreviewed
CVE-2021-35244 was published Dec 21, 2021
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An... High Unreviewed
CVE-2021-41870 was published Dec 16, 2021
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading... High Unreviewed
CVE-2021-27984 was published Dec 11, 2021
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior... High Unreviewed
CVE-2021-27860 was published Dec 9, 2021
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The... High Unreviewed
CVE-2021-36719 was published Dec 9, 2021
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report... High Unreviewed
CVE-2021-21957 was published Dec 9, 2021
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42125 was published Dec 8, 2021
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute... High Unreviewed
CVE-2020-29176 was published Dec 4, 2021
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s... High Unreviewed
CVE-2021-42123 was published Dec 1, 2021
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could... High Unreviewed
CVE-2021-44094 was published Nov 29, 2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-3915 was published for ssddanbrown/bookstack (Composer) Nov 15, 2021
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. High
CVE-2021-40324 was published for cobbler (pip) Oct 5, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
Arbitrary file upload in Fork CMS High
CVE-2021-28931 was published for forkcms/forkcms (Composer) Sep 8, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39151 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ka1n4t
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
Path Traversal in Django High
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
tdunlap607
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
ProTip! Advisories are also available from the GraphQL API