Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before... Critical Unreviewed
CVE-2015-7544 was published May 17, 2022
Injection in Apache NiFi Critical
CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) May 17, 2022
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a... Critical Unreviewed
CVE-2017-8809 was published May 17, 2022
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core... Critical Unreviewed
CVE-2017-1000453 was published May 14, 2022
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed.... Critical Unreviewed
CVE-2017-15714 was published May 14, 2022
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway... Critical Unreviewed
CVE-2018-6289 was published May 14, 2022
** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via... Critical Unreviewed
CVE-2015-5377 was published May 14, 2022
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an... Critical Unreviewed
CVE-2018-6220 was published May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile... Critical Unreviewed
CVE-2016-10498 was published May 14, 2022
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1... Critical Unreviewed
CVE-2017-0372 was published May 14, 2022
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection... Critical Unreviewed
CVE-2014-2294 was published May 14, 2022
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might... Critical Unreviewed
CVE-2017-17790 was published May 14, 2022
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that... Critical Unreviewed
CVE-2017-7788 was published May 14, 2022
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes,... Critical Unreviewed
CVE-2015-7264 was published May 14, 2022
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users... Critical Unreviewed
CVE-2016-9832 was published May 14, 2022
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user... Critical Unreviewed
CVE-2019-8948 was published May 14, 2022
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to... Critical Unreviewed
CVE-2017-1000493 was published May 14, 2022
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and... Critical Unreviewed
CVE-2018-4995 was published May 13, 2022
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate... Critical Unreviewed
CVE-2017-7239 was published May 13, 2022
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... Critical Unreviewed
CVE-2017-14094 was published May 13, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy Critical
CVE-2015-3253 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
SebGondron
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/... Critical Unreviewed
CVE-2018-16763 was published May 13, 2022
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the... Critical Unreviewed
CVE-2018-3963 was published May 13, 2022
A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo... Critical Unreviewed
CVE-2022-24039 was published May 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database