Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability... Critical Unreviewed
CVE-2023-27040 was published Mar 16, 2023
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication... Critical Unreviewed
CVE-2023-26261 was published Mar 8, 2023
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection Critical
CVE-2023-27479 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Mar 8, 2023
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability Critical
CVE-2023-25613 was published for org.apache.kerby:ldap-backend (Maven) Feb 20, 2023
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before... Critical Unreviewed
CVE-2015-7544 was published May 17, 2022
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the... Critical Unreviewed
CVE-2018-3963 was published May 13, 2022
Server Side Template Injection in MCMS Critical
CVE-2021-46063 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022
Code injection in ezsystems/ezpublish-kernel Critical
CVE-2022-25337 was published for ezsystems/ezpublish-kernel (Composer) Feb 19, 2022
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks... Critical Unreviewed
CVE-2016-4010 was published May 17, 2022
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58... Critical Unreviewed
CVE-2021-45658 was published Dec 27, 2021
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. Critical Unreviewed
CVE-2017-14397 was published May 17, 2022
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a... Critical Unreviewed
CVE-2017-8809 was published May 17, 2022
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core... Critical Unreviewed
CVE-2017-1000453 was published May 14, 2022
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed.... Critical Unreviewed
CVE-2017-15714 was published May 14, 2022
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway... Critical Unreviewed
CVE-2018-6289 was published May 14, 2022
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an... Critical Unreviewed
CVE-2018-6220 was published May 14, 2022
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1... Critical Unreviewed
CVE-2017-0372 was published May 14, 2022
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection... Critical Unreviewed
CVE-2014-2294 was published May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile... Critical Unreviewed
CVE-2016-10498 was published May 14, 2022
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that... Critical Unreviewed
CVE-2017-7788 was published May 14, 2022
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes,... Critical Unreviewed
CVE-2015-7264 was published May 14, 2022
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might... Critical Unreviewed
CVE-2017-17790 was published May 14, 2022
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users... Critical Unreviewed
CVE-2016-9832 was published May 14, 2022
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as... Critical Unreviewed
CVE-2017-20174 was published Jan 19, 2023
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user... Critical Unreviewed
CVE-2019-8948 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database