GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,133
Erlang: 29
GitHub Actions: 19
Go: 1,940
Maven: 5,000+
npm: 3,677
NuGet: 645
pip: 3,295
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,383 advisories
Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference...
Moderate | Unreviewed | CVE-2021-40756 was published Nov 19, 2021

It was discovered that on Windows operating systems specifically, Kibana was not validating a...
Moderate | Unreviewed | CVE-2021-37938 was published Nov 19, 2021

The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is...
Moderate | Unreviewed | CVE-2021-43409 was published Nov 20, 2021

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector...
Moderate | Unreviewed | CVE-2021-40131 was published Nov 20, 2021

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A...
Moderate | Unreviewed | CVE-2021-36340 was published Nov 21, 2021

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability...
Moderate | Unreviewed | CVE-2021-40774 was published Nov 23, 2021

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0...
Moderate | Unreviewed | CVE-2021-38000 was published Nov 24, 2021

Dell EMC CloudLink 7.1 and all prior versions contain an HTML and JavaScript Injection...
Moderate | Unreviewed | CVE-2021-36332 was published Nov 24, 2021

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a...
Moderate | Unreviewed | CVE-2021-31852 was published Nov 24, 2021

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link...
Moderate | Unreviewed | CVE-2021-24812 was published Nov 24, 2021

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This...
Moderate | Unreviewed | CVE-2021-21561 was published Nov 24, 2021

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the...
Moderate | Unreviewed | CVE-2021-24768 was published Nov 30, 2021

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the...
Moderate | Unreviewed | CVE-2019-8921 was published Nov 30, 2021

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference...
Moderate | Unreviewed | CVE-2021-36329 was published Dec 1, 2021

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute...
Moderate | Unreviewed | CVE-2021-38967 was published Dec 1, 2021

The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site...
Moderate | Unreviewed | CVE-2021-43991 was published Dec 4, 2021

An information disclosure via GET request server-side request forgery vulnerability was...
Moderate | Unreviewed | CVE-2021-37940 was published Dec 8, 2021

There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone...
Moderate | Unreviewed | CVE-2021-37058 was published Dec 8, 2021

A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious...
Moderate | Unreviewed | CVE-2021-44527 was published Dec 8, 2021

A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited,...
Moderate | Unreviewed | CVE-2021-40094 was published Dec 8, 2021

A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions...
Moderate | Unreviewed | CVE-2021-29116 was published Dec 8, 2021

An improper neutralization of input during web page generation ('cross-site scripting') in...
Moderate | Unreviewed | CVE-2021-42752 was published Dec 9, 2021

An improper neutralization of input during web page generation ('cross-site scripting') in...
Moderate | Unreviewed | CVE-2021-41029 was published Dec 9, 2021

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the...
Moderate | Unreviewed | CVE-2021-39054 was published Dec 14, 2021

The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in...
Moderate | Unreviewed | CVE-2021-24792 was published Dec 14, 2021
ProTip! Advisories are also available from the GraphQL API.