Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,988
NuGet
720
pip
3,779
Pub
12
RubyGems
926
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

763 advisories

Loading
Security check skip in Apache Dubbo Critical
CVE-2021-37579 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Remote Code Execution in Halibut Critical
CVE-2021-31819 was published for Halibut (NuGet) Sep 23, 2021
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils Critical
CVE-2021-41616 was published for org.apache.ddlutils:ddlutils (Maven) Oct 4, 2021
Nameko Arbitrary code execution due to YAML deserialization Critical
CVE-2021-41078 was published for nameko (pip) Oct 19, 2021
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm Critical
CVE-2021-40865 was published for org.apache.storm:storm (Maven) Oct 27, 2021
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44681 was published Dec 7, 2021
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44682 was published Dec 7, 2021
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44680 was published Dec 7, 2021
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44678 was published Dec 7, 2021
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44679 was published Dec 7, 2021
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the... Critical Unreviewed
CVE-2021-44677 was published Dec 7, 2021
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36567 was published for topthink/framework (Composer) Dec 7, 2021
jhutchings1
Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery... Critical Unreviewed
CVE-2021-37298 was published Dec 7, 2021
Remote Code Execution in AjaxNetProfessional Critical
GHSA-6r7c-6w96-8pvw was published for AjaxNetProfessional (NuGet) Dec 7, 2021
h0ng10 mwulftange
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using... Critical Unreviewed
CVE-2021-42127 was published Dec 8, 2021
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
ppkarwasz
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36564 was published for topthink/framework (Composer) Dec 10, 2021
The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize... Critical Unreviewed
CVE-2021-24857 was published Dec 14, 2021
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
ppkarwasz
Remote Code Execution in AjaxNetProfessional Critical
CVE-2021-23758 was published for AjaxNetProfessional (NuGet) Dec 16, 2021
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could... Critical Unreviewed
CVE-2021-36336 was published Dec 22, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows... Critical Unreviewed
CVE-2021-44029 was published Dec 23, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Deserialization of Untrusted Data in rust-cpuid Critical
CVE-2021-45687 was published for raw-cpuid (Rust) Jan 6, 2022
richardfan0606
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database