GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
222 advisories
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
Moderate | Unreviewed | CVE-2021-3799 was published May 24, 2022

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS...
Moderate | Unreviewed | CVE-2018-19957 was published May 24, 2022

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable...
Moderate | Unreviewed | CVE-2021-3731 was published May 24, 2022

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to...
Moderate | Unreviewed | CVE-2021-32070 was published May 24, 2022

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated,...
Moderate | Unreviewed | CVE-2021-37788 was published May 24, 2022

Showing the legitimate URL in the address bar while loading the content from other domain. This...
Moderate | Unreviewed | CVE-2021-33596 was published May 24, 2022

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote...
Moderate | Unreviewed | CVE-2021-20560 was published May 24, 2022

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an...
High | Unreviewed | CVE-2021-0586 was published May 24, 2022

Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote...
Moderate | Unreviewed | CVE-2021-35300 was published May 24, 2022

In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking...
Moderate | Unreviewed | CVE-2021-0569 was published May 24, 2022

In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0...
High | Unreviewed | CVE-2021-0537 was published May 24, 2022

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency...
High | Unreviewed | CVE-2021-0538 was published May 24, 2022

In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due...
High | Unreviewed | CVE-2021-0506 was published May 24, 2022

In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning...
High | Unreviewed | CVE-2021-0523 was published May 24, 2022

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in...
Moderate | Unreviewed | CVE-2020-10743 was published May 24, 2022

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more...
High | Unreviewed | CVE-2021-22866 was published May 24, 2022

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated,...
High | Unreviewed | CVE-2021-1403 was published May 24, 2022

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API...
Critical | Unreviewed | CVE-2021-23274 was published May 24, 2022

When accepting a malicious intent from other installed apps, Firefox for Android accepted...
High | Unreviewed | CVE-2021-23976 was published May 24, 2022

The browser could have been confused into transferring a pointer lock state into another tab,...
Moderate | Unreviewed | CVE-2021-23955 was published May 24, 2022

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a...
High | Unreviewed | CVE-2021-0333 was published May 24, 2022

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack...
High | Unreviewed | CVE-2021-0331 was published May 24, 2022

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed...
High | Unreviewed | CVE-2021-0314 was published May 24, 2022

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This...
High | Unreviewed | CVE-2021-0305 was published May 24, 2022

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This...
High | Unreviewed | CVE-2021-0302 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.