GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,772
Composer 4,753
Erlang 35
GitHub Actions 29
Go 2,326
Maven 5,610
npm 3,956
NuGet 712
pip 3,740
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,434

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

749 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

If an on-premise installation of the Pega Platform is configured with the port for the JMX... Critical Unreviewed

CVE-2022-24082 was published Jul 20, 2022

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code... Critical Unreviewed

CVE-2021-42090 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR... Critical Unreviewed

CVE-2021-40102 was published May 24, 2022

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All... Critical Unreviewed

CVE-2021-37181 was published May 24, 2022

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute... Critical Unreviewed

CVE-2021-39392 was published May 24, 2022

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml... Critical Unreviewed

CVE-2021-34066 was published May 24, 2022

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. Critical Unreviewed

CVE-2021-37544 was published May 24, 2022

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure... Critical Unreviewed

CVE-2021-36483 was published May 24, 2022

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7... Critical Unreviewed

CVE-2020-5341 was published May 24, 2022

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the... Critical Unreviewed

CVE-2021-29781 was published May 24, 2022

Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary... Critical Unreviewed

CVE-2021-38241 was published Dec 17, 2022

The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for... Critical Unreviewed

CVE-2021-24384 was published May 24, 2022

Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507... Critical Unreviewed

CVE-2021-35971 was published May 24, 2022

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a... Critical Unreviewed

CVE-2021-3287 was published May 24, 2022

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it... Critical Unreviewed

CVE-2021-33806 was published May 24, 2022

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute... Critical Unreviewed

CVE-2020-29045 was published May 24, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed

CVE-2021-31474 was published May 24, 2022

Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. Critical Unreviewed

CVE-2021-32098 was published May 24, 2022

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to... Critical Unreviewed

CVE-2020-9493 was published May 24, 2022

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message... Critical Unreviewed

CVE-2021-25274 was published May 24, 2022

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted... Critical Unreviewed

CVE-2021-21524 was published May 24, 2022

Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. Critical Unreviewed

CVE-2021-32075 was published May 24, 2022

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA... Critical Unreviewed

CVE-2021-3160 was published May 24, 2022

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can... Critical Unreviewed

CVE-2021-29200 was published May 24, 2022

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains... Critical Unreviewed

CVE-2020-10658 was published May 24, 2022

Previous 1 2 … 25 26 27 28 29 30 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

749 advisories