GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
467 advisories
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style...
High | Unreviewed | CVE-2017-18387 was published on May 24, 2022
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin ...
High | Unreviewed | CVE-2017-18386 was published on May 24, 2022
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts...
High | Unreviewed | CVE-2016-10847 was published on May 24, 2022
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts...
High | Unreviewed | CVE-2016-10845 was published on May 24, 2022
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files ...
High | Unreviewed | CVE-2018-20914 was published on May 24, 2022
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a...
High | Unreviewed | CVE-2019-9811 was published on May 24, 2022
b3log Wide unauthenticated file access
High | CVE-2019-13915 was published for github.com/b3log/wide (Go) on May 24, 2022
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is...
High | Unreviewed | CVE-2019-0319 was published on May 24, 2022
Rancher code injection via fluentd config commands
High | CVE-2019-12303 was published for github.com/rancher/rancher (Go) on May 24, 2022
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function....
High | Unreviewed | CVE-2019-6800 was published on May 24, 2022
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero...
High | Unreviewed | CVE-2019-9900 was published on May 24, 2022
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the...
High | Unreviewed | CVE-2019-11354 was published on May 24, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc
High | CVE-2022-29166 was published for matrix-appservice-irc (npm) on May 23, 2022
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted...
High | Unreviewed | CVE-2014-7844 was published on May 17, 2022
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
High | Unreviewed | CVE-2014-4982 was published on May 17, 2022
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote...
High | Unreviewed | CVE-2014-8423 was published on May 17, 2022
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to...
High | Unreviewed | CVE-2015-1169 was published on May 17, 2022
Joomla! Framework Remote Code Injection Vulnerability
High | CVE-2015-8566 was published for joomla/session (Composer) on May 17, 2022
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain...
High | Unreviewed | CVE-2016-5685 was published on May 17, 2022
libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes...
High | Unreviewed | CVE-2015-3205 was published on May 17, 2022
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows...
High | Unreviewed | CVE-2016-2204 was published on May 17, 2022
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a...
High | Unreviewed | CVE-2015-3200 was published on May 17, 2022
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1...
High | Unreviewed | CVE-2016-6754 was published on May 17, 2022
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL...
High | Unreviewed | CVE-2017-5585 was published on May 17, 2022
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify...
High | Unreviewed | CVE-2015-8258 was published on May 17, 2022