Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

464 advisories

Loading
Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via... High Unreviewed
CVE-2005-3750 was published May 1, 2022
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows... High Unreviewed
CVE-2009-1781 was published May 2, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded... High Unreviewed
CVE-2015-8800 was published May 13, 2022
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a... High Unreviewed
CVE-2019-9614 was published May 13, 2022
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated,... High Unreviewed
CVE-2018-0313 was published May 13, 2022
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a... High Unreviewed
CVE-2018-18250 was published May 13, 2022
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue... High Unreviewed
CVE-2018-4106 was published May 13, 2022
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone,... High Unreviewed
CVE-2018-7032 was published May 13, 2022
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by... High Unreviewed
CVE-2017-17531 was published May 13, 2022
** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate... High Unreviewed
CVE-2017-17518 was published May 13, 2022
PEAR core file overwrite vulnerability High
CVE-2017-5630 was published for pear/pear (Composer) May 13, 2022
uiutil.c in FontForge through 20170731 does not validate strings before launching the program... High Unreviewed
CVE-2017-17521 was published May 13, 2022
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary ... High Unreviewed
CVE-2015-4075 was published May 13, 2022
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks,... High Unreviewed
CVE-2018-9062 was published May 13, 2022
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper... High Unreviewed
CVE-2018-18992 was published May 13, 2022
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk... High Unreviewed
CVE-2017-6015 was published May 13, 2022
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An ... High Unreviewed
CVE-2017-6031 was published May 13, 2022
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort... High Unreviewed
CVE-2017-16719 was published May 13, 2022
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7... High Unreviewed
CVE-2015-1592 was published May 13, 2022
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ... High Unreviewed
CVE-2017-3547 was published May 13, 2022
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an... High Unreviewed
CVE-2017-6748 was published May 13, 2022
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to... High Unreviewed
CVE-2017-6971 was published May 13, 2022
ntopng before 3.0 allows HTTP Response Splitting. High Unreviewed
CVE-2017-7459 was published May 13, 2022
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as... High Unreviewed
CVE-2018-20167 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database