GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31,885 advisories
Filter by severity
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication...
Critical
Unreviewed
CVE-2018-12242
was published
May 14, 2022
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist...
Critical
Unreviewed
CVE-2018-19558
was published
May 14, 2022
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load...
Critical
Unreviewed
CVE-2018-19528
was published
May 14, 2022
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in...
Critical
Unreviewed
CVE-2018-16521
was published
May 14, 2022
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing...
Critical
Unreviewed
CVE-2018-18765
was published
May 14, 2022
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action...
Critical
Unreviewed
CVE-2018-18793
was published
May 14, 2022
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.
Critical
Unreviewed
CVE-2018-17375
was published
May 14, 2022
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter...
Critical
Unreviewed
CVE-2018-0664
was published
May 14, 2022
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip...
Critical
Unreviewed
CVE-2016-10733
was published
May 14, 2022
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
Critical
Unreviewed
CVE-2018-17394
was published
May 14, 2022
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the...
Critical
Unreviewed
CVE-2018-17380
was published
May 14, 2022
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php,...
Critical
Unreviewed
CVE-2016-10732
was published
May 14, 2022
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause...
Critical
Unreviewed
CVE-2018-17609
was published
May 14, 2022
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated...
Critical
Unreviewed
CVE-2018-15484
was published
May 14, 2022
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18...
Critical
Unreviewed
CVE-2015-4633
was published
May 14, 2022
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute...
Critical
Unreviewed
CVE-2018-18835
was published
May 14, 2022
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11,...
Critical
Unreviewed
CVE-2018-15904
was published
May 14, 2022
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule...
Critical
Unreviewed
CVE-2018-18702
was published
May 14, 2022
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
Critical
Unreviewed
CVE-2018-18527
was published
May 14, 2022
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9...
Critical
Unreviewed
CVE-2018-17446
was published
May 14, 2022
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid...
Critical
Unreviewed
CVE-2018-18785
was published
May 14, 2022
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log...
Critical
Unreviewed
CVE-2016-10734
was published
May 14, 2022
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the...
Critical
Unreviewed
CVE-2018-16957
was published
May 14, 2022
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to...
Critical
Unreviewed
CVE-2018-18806
was published
May 14, 2022
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum,...
Critical
Unreviewed
CVE-2018-7242
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API