GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
238 advisories
LibreNMS Information Disclosure
Critical | CVE-2019-10665 was published for librenms/librenms (Composer) | May 24, 2022

The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
Critical | Unreviewed | CVE-2017-18583 was published | May 24, 2022

There was a server-side template injection vulnerability in Jira Server and Data Center, in the...
Critical | Unreviewed | CVE-2019-11581 was published | May 24, 2022

FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as...
Critical | Unreviewed | CVE-2019-12966 was published | May 24, 2022

Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules...
Critical | Unreviewed | CVE-2016-8900 was published | May 24, 2022

b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
Critical | Unreviewed | CVE-2016-8901 was published | May 24, 2022

Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules...
Critical | Unreviewed | CVE-2016-8899 was published | May 24, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2019-2725 was published | May 24, 2022

Ansible Arbitrary Code Execution
Critical | CVE-2014-4966 was published for ansible (pip) | May 17, 2022

Ansible Arbitrary Code Execution
Critical | CVE-2014-4967 was published for ansible (pip) | May 17, 2022

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical | CVE-2014-4172 was published for DotNetCasClient (Composer) | May 17, 2022

eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
Critical | Unreviewed | CVE-2014-3700 was published | May 17, 2022

CodeIgniter arbitrary code execution
Critical | CVE-2016-10131 was published for bcit-ci/codeigniter (Composer) | May 17, 2022

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0...
Critical | Unreviewed | CVE-2016-1155 was published | May 17, 2022

** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SIP implementation...
Critical | Unreviewed | CVE-2017-9861 was published | May 17, 2022

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks...
Critical | Unreviewed | CVE-2016-4010 was published | May 17, 2022

AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.
Critical | Unreviewed | CVE-2017-14397 was published | May 17, 2022

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before...
Critical | Unreviewed | CVE-2015-7544 was published | May 17, 2022

Injection in Apache NiFi
Critical | CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) | May 17, 2022

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a...
Critical | Unreviewed | CVE-2017-8809 was published | May 17, 2022

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core...
Critical | Unreviewed | CVE-2017-1000453 was published | May 14, 2022

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed....
Critical | Unreviewed | CVE-2017-15714 was published | May 14, 2022

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway...
Critical | Unreviewed | CVE-2018-6289 was published | May 14, 2022

** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via...
Critical | Unreviewed | CVE-2015-5377 was published | May 14, 2022

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an...
Critical | Unreviewed | CVE-2018-6220 was published | May 14, 2022