GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
238 advisories
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile...
Critical, Unreviewed. CVE-2016-10498 was published on May 14, 2022.

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1...
Critical, Unreviewed. CVE-2017-0372 was published on May 14, 2022.

Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection...
Critical, Unreviewed. CVE-2014-2294 was published on May 14, 2022.

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might...
Critical, Unreviewed. CVE-2017-17790 was published on May 14, 2022.

When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that...
Critical, Unreviewed. CVE-2017-7788 was published on May 14, 2022.

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes,...
Critical, Unreviewed. CVE-2015-7264 was published on May 14, 2022.

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users...
Critical, Unreviewed. CVE-2016-9832 was published on May 14, 2022.

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user...
Critical, Unreviewed. CVE-2019-8948 was published on May 14, 2022.

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to...
Critical, Unreviewed. CVE-2017-1000493 was published on May 14, 2022.

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...
Critical, Unreviewed. CVE-2018-4995 was published on May 13, 2022.

Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate...
Critical, Unreviewed. CVE-2017-7239 was published on May 13, 2022.

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could...
Critical, Unreviewed. CVE-2017-14094 was published on May 13, 2022.

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical. CVE-2015-3253 was published for org.codehaus.groovy:groovy (Maven) on May 13, 2022.

Code injection in Apache Struts
Critical. CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) on May 13, 2022.

Codiad remote code execution vulnerability
Critical. CVE-2018-14009 was published for codiad/codiad (Composer) on May 13, 2022.

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/...
Critical, Unreviewed. CVE-2018-16763 was published on May 13, 2022.

An exploitable command injection vulnerability exists in the DHCP daemon configuration of the...
Critical, Unreviewed. CVE-2018-3963 was published on May 13, 2022.

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo...
Critical, Unreviewed. CVE-2022-24039 was published on May 11, 2022.

The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote...
Critical, Unreviewed. CVE-2013-7070 was published on May 5, 2022.

RubyGem openshift-origin-controller is vulnerable to command injection
Critical. CVE-2013-2095 was published for openshift-origin-controller (RubyGems) on May 5, 2022.

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical, Unreviewed. CVE-2022-27336 was published on Apr 28, 2022.

ejs template injection vulnerability
Critical. CVE-2022-29078 was published for ejs (npm) on Apr 26, 2022.

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP...
Critical, Unreviewed. CVE-2011-2717 was published on Apr 22, 2022.

TWiki allows arbitrary shell command execution via the Include function
Critical, Unreviewed. CVE-2005-3056 was published on Apr 21, 2022.

A vulnerability classified as critical was found in School Club Application System 1.0. This...
Critical, Unreviewed. CVE-2022-1287 was published on Apr 10, 2022.