GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,822
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,225 advisories
CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex...
Critical
Unreviewed
CVE-2018-20508 was published May 14, 2022
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML...
Critical
Unreviewed
CVE-2018-1000838 was published May 14, 2022
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
Critical
Unreviewed
CVE-2018-20779 was published May 14, 2022
INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an...
Critical
Unreviewed
CVE-2018-0669 was published May 14, 2022
INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an...
Critical
Unreviewed
CVE-2018-0670 was published May 14, 2022
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2018-19862 was published May 14, 2022
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0...
Critical
Unreviewed
CVE-2018-1000875 was published May 14, 2022
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a...
Critical
Unreviewed
CVE-2019-9034 was published May 14, 2022
Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access...
Critical
Unreviewed
CVE-2018-13904 was published May 14, 2022
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to...
Critical
Unreviewed
CVE-2018-9116 was published May 14, 2022
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows...
Critical
Unreviewed
CVE-2018-9843 was published May 14, 2022
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a...
Critical
Unreviewed
CVE-2019-9035 was published May 14, 2022
The yaml_parse.load method in Pylearn2 allows code injection.
Critical
Unreviewed
CVE-2018-20027 was published May 14, 2022
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID...
Critical
Unreviewed
CVE-2019-7587 was published May 14, 2022
** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML,...
Critical
Unreviewed
CVE-2018-19047 was published May 14, 2022
DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote...
Critical
Unreviewed
CVE-2018-5203 was published May 14, 2022
Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter...
Critical
Unreviewed
CVE-2018-1000827 was published May 14, 2022
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function...
Critical
Unreviewed
CVE-2018-19417 was published May 14, 2022
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary...
Critical
Unreviewed
CVE-2018-19127 was published May 14, 2022
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0...
Critical
Unreviewed
CVE-2018-18933 was published May 14, 2022
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability...
Critical
Unreviewed
CVE-2019-5720 was published May 14, 2022
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters...
Critical
Unreviewed
CVE-2018-18923 was published May 14, 2022
MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that...
Critical
Unreviewed
CVE-2018-1000824 was published May 14, 2022
AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update...
Critical
Unreviewed
CVE-2017-18160 was published May 14, 2022
In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.
Critical
Unreviewed
CVE-2018-4281 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.