GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
30,224 advisories
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a...
Critical | Unreviewed | CVE-2015-9278 was published May 14, 2022

AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters...
Critical | Unreviewed | CVE-2018-18923 was published May 14, 2022

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine...
Critical | Unreviewed | CVE-2018-8955 was published May 14, 2022

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to...
Critical | Unreviewed | CVE-2013-5654 was published May 14, 2022

Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to...
Critical | Unreviewed | CVE-2016-1142 was published May 14, 2022

Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an...
Critical | Unreviewed | CVE-2016-1000271 was published May 14, 2022

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper...
Critical | Unreviewed | CVE-2018-9476 was published May 14, 2022

MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
Critical | Unreviewed | CVE-2020-22820 was published Nov 3, 2022

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote...
Critical | Unreviewed | CVE-2022-22425 was published Nov 4, 2022

MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
Critical | Unreviewed | CVE-2020-22818 was published Nov 3, 2022

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B)...
Critical | Unreviewed | CVE-2018-12667 was published May 14, 2022

Zemana AntiMalware before 3.0.658 Beta mishandles update logic.
Critical | Unreviewed | CVE-2019-6440 was published May 14, 2022

An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in...
Critical | Unreviewed | CVE-2019-6246 was published May 14, 2022

Vanilla 2.6.x before 2.6.4 allows remote code execution.
Critical | Unreviewed | CVE-2018-18903 was published May 14, 2022

Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3...
Critical | Unreviewed | CVE-2018-14749 was published May 14, 2022

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated...
Critical | Unreviewed | CVE-2018-17298 was published May 14, 2022

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php...
Critical | Unreviewed | CVE-2019-3577 was published May 14, 2022

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj]...
Critical | Unreviewed | CVE-2019-8429 was published May 14, 2022

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack...
Critical | Unreviewed | CVE-2019-6443 was published May 14, 2022

An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack...
Critical | Unreviewed | CVE-2019-6444 was published May 14, 2022

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or...
Critical | Unreviewed | CVE-2018-20715 was published May 14, 2022

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my...
Critical | Unreviewed | CVE-2018-20716 was published May 14, 2022

In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c...
Critical | Unreviewed | CVE-2017-18174 was published May 14, 2022

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name...
Critical | Unreviewed | CVE-2019-7720 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.