GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This...
High
Unreviewed
CVE-2020-27687 was published May 24, 2022
An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing...
High
Unreviewed
CVE-2020-29655 was published May 24, 2022
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow...
High
Unreviewed
CVE-2020-35938 was published May 24, 2022
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could...
High
Unreviewed
CVE-2020-4689 was published May 24, 2022
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect...
High
Unreviewed
CVE-2020-25268 was published May 24, 2022
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File...
High
Unreviewed
CVE-2020-28328 was published May 24, 2022
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via...
High
Unreviewed
CVE-2020-22277 was published May 24, 2022
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry...
High
Unreviewed
CVE-2020-22275 was published May 24, 2022
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may...
High
Unreviewed
CVE-2020-12817 was published May 24, 2022
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware....
High
Unreviewed
CVE-2020-11733 was published May 24, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute...
High
Unreviewed
CVE-2020-4589 was published May 24, 2022
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers...
High
Unreviewed
CVE-2020-10987 was published May 24, 2022
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via...
High
Unreviewed
CVE-2020-15477 was published May 24, 2022
A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when...
High
Unreviewed
CVE-2020-1481 was published May 24, 2022
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting...
High
Unreviewed
CVE-2020-11852 was published May 24, 2022
Adobe Download Manager version 2.0.0.518 has a command injection vulnerability. Successful...
High
Unreviewed
CVE-2020-9688 was published May 24, 2022
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the...
High
Unreviewed
CVE-2020-11546 was published May 24, 2022
XPLATFORM v9.2.260 and earlier versions contain a vulnerability that could allow remote files to...
High
Unreviewed
CVE-2020-7815 was published May 24, 2022
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380)...
High
Unreviewed
CVE-2020-9297 was published May 24, 2022
RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files...
High
Unreviewed
CVE-2020-7814 was published May 24, 2022
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with...
High
Unreviewed
CVE-2020-5599 was published May 24, 2022
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell...
High
Unreviewed
CVE-2020-15489 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve...
High
Unreviewed
CVE-2020-14172 was published May 24, 2022
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the...
High
Unreviewed
CVE-2020-14094 was published May 24, 2022
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection...
High
Unreviewed
CVE-2020-14095 was published May 24, 2022