GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate...
High | Unreviewed | CVE-2017-17519 was published May 14, 2022

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program...
High | Unreviewed | CVE-2017-17526 was published May 14, 2022

guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the...
High | Unreviewed | CVE-2017-17525 was published May 14, 2022

TeX Live through 20170524 does not validate strings before launching the program specified by the...
High | Unreviewed | CVE-2017-17513 was published May 14, 2022

** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program...
High | Unreviewed | CVE-2017-17514 was published May 14, 2022

** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the...
High | Unreviewed | CVE-2017-17520 was published May 14, 2022

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program...
High | Unreviewed | CVE-2017-17523 was published May 14, 2022

uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by...
High | Unreviewed | CVE-2017-17534 was published May 14, 2022

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before...
High | Unreviewed | CVE-2017-17522 was published May 14, 2022

library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program...
High | Unreviewed | CVE-2017-17524 was published May 14, 2022

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary...
High | Unreviewed | CVE-2015-5227 was published May 17, 2022

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account...
High | Unreviewed | CVE-2021-43038 was published Dec 7, 2021

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service...
High | Unreviewed | CVE-2021-4182 was published Dec 31, 2021

Injection in UserFrosting
High | CVE-2021-25994 was published for userfrosting/userfrosting (Composer) Jan 6, 2022

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote...
High | Unreviewed | CVE-2021-39031 was published Jan 26, 2022

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote...
High | Unreviewed | CVE-2021-36348 was published Jan 27, 2022

A flaw was found in Python, specifically within the urllib.parse module. This module helps break...
High | Unreviewed | CVE-2022-0391 was published Feb 11, 2022

Authenticated remote code execution in October CMS
High | CVE-2022-21705 was published for october/system (Composer) Feb 23, 2022

The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is...
High | Unreviewed | CVE-2023-23749 was published Jan 17, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1...
High | Unreviewed | CVE-2022-4092 was published Jan 26, 2023

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a...
High | Unreviewed | CVE-2013-6435 was published May 14, 2022

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted...
High | Unreviewed | CVE-2014-7844 was published May 17, 2022

Command injection in Apache Sling
High | CVE-2023-25141 was published for org.apache.sling:org.apache.sling.jcr.base (Maven) Feb 14, 2023

Withdrawn: Octocat.js vulnerable to code injection
High | CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 • withdrawn

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a...
High | Unreviewed | CVE-2019-9811 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.