GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
467 advisories
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a...
High, Unreviewed, CVE-2016-7125 was published May 14, 2022

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker...
High, Unreviewed, CVE-2017-15313 was published May 14, 2022

CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core...
High, Unreviewed, CVE-2017-1000454 was published May 14, 2022

A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The...
High, Unreviewed, CVE-2017-5799 was published May 14, 2022

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the...
High, Unreviewed, CVE-2017-17512 was published May 14, 2022

The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1...
High, Unreviewed, CVE-2015-1975 was published May 14, 2022

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before...
High, Unreviewed, CVE-2017-18266 was published May 14, 2022

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website,...
High, Unreviewed, CVE-2017-7846 was published May 14, 2022

SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
High, CVE-2018-6519 was published for simplesamlphp/saml2 (Composer) May 14, 2022

The backup mechanism in the adb tool in Android might allow attackers to inject additional...
High, Unreviewed, CVE-2014-7952 was published May 14, 2022

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when...
High, Unreviewed, CVE-2015-1762 was published May 14, 2022

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to...
High, Unreviewed, CVE-2015-2180 was published May 14, 2022

Twig remote code execution in templates
High, CVE-2015-7809 was published for twig/twig (Composer) May 14, 2022

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a...
High, Unreviewed, CVE-2013-6435 was published May 14, 2022

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by...
High, Unreviewed, CVE-2017-7703 was published May 14, 2022

Injection in Jolokia agent
High, CVE-2018-1000130 was published for org.jolokia:jolokia-core (Maven) May 14, 2022

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER...
High, Unreviewed, CVE-2017-17511 was published May 14, 2022

Opencast RCE Vulnerability
High, CVE-2017-1000217 was published for org.opencastproject:base (Maven) May 14, 2022

** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses...
High, Unreviewed, CVE-2017-14523 was published May 14, 2022

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as...
High, Unreviewed, CVE-2018-20167 was published May 13, 2022

ntopng before 3.0 allows HTTP Response Splitting.
High, Unreviewed, CVE-2017-7459 was published May 13, 2022

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to...
High, Unreviewed, CVE-2017-6971 was published May 13, 2022

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an...
High, Unreviewed, CVE-2017-6748 was published May 13, 2022

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ...
High, Unreviewed, CVE-2017-3547 was published May 13, 2022

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7...
High, Unreviewed, CVE-2015-1592 was published May 13, 2022