Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the... Critical Unreviewed
CVE-2018-3963 was published May 13, 2022
Code injection in ezsystems/ezpublish-kernel Critical
CVE-2022-25337 was published for ezsystems/ezpublish-kernel (Composer) Feb 19, 2022
Server Side Template Injection in MCMS Critical
CVE-2021-46063 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks... Critical Unreviewed
CVE-2016-4010 was published May 17, 2022
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58... Critical Unreviewed
CVE-2021-45658 was published Dec 27, 2021
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Critical Unreviewed
CVE-2017-14397 was published May 17, 2022
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a... Critical Unreviewed
CVE-2017-8809 was published May 17, 2022
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core... Critical Unreviewed
CVE-2017-1000453 was published May 14, 2022
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed.... Critical Unreviewed
CVE-2017-15714 was published May 14, 2022
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway... Critical Unreviewed
CVE-2018-6289 was published May 14, 2022
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an... Critical Unreviewed
CVE-2018-6220 was published May 14, 2022
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1... Critical Unreviewed
CVE-2017-0372 was published May 14, 2022
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection... Critical Unreviewed
CVE-2014-2294 was published May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile... Critical Unreviewed
CVE-2016-10498 was published May 14, 2022
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that... Critical Unreviewed
CVE-2017-7788 was published May 14, 2022
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes,... Critical Unreviewed
CVE-2015-7264 was published May 14, 2022
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might... Critical Unreviewed
CVE-2017-17790 was published May 14, 2022
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users... Critical Unreviewed
CVE-2016-9832 was published May 14, 2022
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as... Critical Unreviewed
CVE-2017-20174 was published Jan 19, 2023
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user... Critical Unreviewed
CVE-2019-8948 was published May 14, 2022
@keystone-6/core's NODE_ENV defaults to development with esbuild Critical
CVE-2022-39382 was published for @keystone-6/core (npm) Nov 3, 2022
acburdine
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). Critical Unreviewed
CVE-2022-45550 was published Dec 7, 2022
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to... Critical Unreviewed
CVE-2017-1000493 was published May 14, 2022
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and... Critical Unreviewed
CVE-2018-4995 was published May 13, 2022
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate... Critical Unreviewed
CVE-2017-7239 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database