GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,711
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
238 advisories

When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that...
Critical, Unreviewed. CVE-2017-7788 was published May 14, 2022.

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile...
Critical, Unreviewed. CVE-2016-10498 was published May 14, 2022.

Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection...
Critical, Unreviewed. CVE-2014-2294 was published May 14, 2022.

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1...
Critical, Unreviewed. CVE-2017-0372 was published May 14, 2022.

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an...
Critical, Unreviewed. CVE-2018-6220 was published May 14, 2022.

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway...
Critical, Unreviewed. CVE-2018-6289 was published May 14, 2022.

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed....
Critical, Unreviewed. CVE-2017-15714 was published May 14, 2022.

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core...
Critical, Unreviewed. CVE-2017-1000453 was published May 14, 2022.

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a...
Critical, Unreviewed. CVE-2017-8809 was published May 17, 2022.

AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.
Critical, Unreviewed. CVE-2017-14397 was published May 17, 2022.

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58...
Critical, Unreviewed. CVE-2021-45658 was published Dec 27, 2021.

Code injection in ezsystems/ezpublish-kernel
Critical. CVE-2022-25337 was published for ezsystems/ezpublish-kernel (Composer) Feb 19, 2022.

Server Side Template Injection in MCMS
Critical. CVE-2021-46063 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022.

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the...
Critical, Unreviewed. CVE-2018-3963 was published May 13, 2022.

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before...
Critical, Unreviewed. CVE-2015-7544 was published May 17, 2022.

Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
Critical. CVE-2023-25613 was published for org.apache.kerby:ldap-backend (Maven) Feb 20, 2023.

org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Critical. CVE-2023-27479 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Mar 8, 2023.

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication...
Critical, Unreviewed. CVE-2023-26261 was published Mar 8, 2023.

Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability...
Critical, Unreviewed. CVE-2023-27040 was published Mar 16, 2023.

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical. CVE-2022-41934 was published for org.xwiki.platform:xwiki-platform-menu-ui (Maven) Nov 21, 2022.

A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue...
Critical, Unreviewed. CVE-2022-4011 was published Nov 16, 2022.

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Critical, Unreviewed. CVE-2022-27858 was published Nov 9, 2022.

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be...
Critical, Unreviewed. CVE-2022-32534 was published Jun 24, 2022.

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This...
Critical, Unreviewed. CVE-2022-4257 was published Dec 1, 2022.

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo...
Critical, Unreviewed. CVE-2022-24039 was published May 11, 2022.

ProTip! Advisories are also available from the GraphQL API.