GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Advisory counts by ecosystem (GitHub reviewed): All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.
1,029 advisories
CVE-2021-35244 (High, unreviewed), published Dec 21, 2021: The "Log alert to a file" action within action management enables any Orion Platform user with...
CVE-2021-41870 (High, unreviewed), published Dec 16, 2021: An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An...
CVE-2021-27984 (High, unreviewed), published Dec 11, 2021: In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading...
CVE-2021-27860 (High, unreviewed), published Dec 9, 2021: A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior...
CVE-2021-36719 (High, unreviewed), published Dec 9, 2021: PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The...
CVE-2021-21957 (High, unreviewed), published Dec 9, 2021: A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report...
CVE-2021-42125 (High, unreviewed), published Dec 8, 2021: An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
CVE-2020-29176 (High, unreviewed), published Dec 4, 2021: An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute...
CVE-2021-42123 (High, unreviewed), published Dec 1, 2021: Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH's...
CVE-2021-44094 (High, unreviewed), published Nov 29, 2021: ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could...
CVE-2021-3915 (High), published Nov 15, 2021 for ssddanbrown/bookstack (Composer): bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2020-11476 (High), published Nov 3, 2021 for concrete5/concrete5 (Composer): Unrestricted Uploads in Concrete5
CVE-2020-13671 (High), published Oct 12, 2021 for drupal/core (Composer): Drupal core Unrestricted Upload of File with Dangerous Type
CVE-2021-40324 (High), published Oct 5, 2021 for cobbler (pip): Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
CVE-2020-21322 (High), published Sep 20, 2021 for feehi/cms (Composer): Arbitrary Code Execution in feehi/cms
CVE-2021-28931 (High), published Sep 8, 2021 for forkcms/forkcms (Composer): Arbitrary file upload in Fork CMS
CVE-2021-39149 (High), published Aug 25, 2021 for com.thoughtworks.xstream:xstream (Maven): XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39151 (High), published Aug 25, 2021 for com.thoughtworks.xstream:xstream (Maven): XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39154 (High), published Aug 25, 2021 for com.thoughtworks.xstream:xstream (Maven): XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-34551 (High), published Jun 22, 2021 for phpmailer/phpmailer (Composer): Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
CVE-2021-23394 (High), published Jun 15, 2021 for studio-42/elfinder (Composer): elFinder unsafe upload filtering leading to remote code execution
CVE-2021-21357 (High), published Mar 23, 2021 for typo3/cms (Composer): Broken Access Control in Form Framework
CVE-2021-21355 (High), published Mar 23, 2021 for typo3/cms (Composer): Unrestricted File Upload in Form Framework
Advisories are also available from the GraphQL API.