GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
467 advisories
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort...
High, Unreviewed. CVE-2017-16719 was published May 13, 2022

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An ...
High, Unreviewed. CVE-2017-6031 was published May 13, 2022

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk...
High, Unreviewed. CVE-2017-6015 was published May 13, 2022

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper...
High, Unreviewed. CVE-2018-18992 was published May 13, 2022

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks,...
High, Unreviewed. CVE-2018-9062 was published May 13, 2022

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary ...
High, Unreviewed. CVE-2015-4075 was published May 13, 2022

uiutil.c in FontForge through 20170731 does not validate strings before launching the program...
High, Unreviewed. CVE-2017-17521 was published May 13, 2022

PEAR core file overwrite vulnerability
High. CVE-2017-5630 was published for pear/pear (Composer) May 13, 2022

** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate...
High, Unreviewed. CVE-2017-17518 was published May 13, 2022

gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by...
High, Unreviewed. CVE-2017-17531 was published May 13, 2022

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone,...
High, Unreviewed. CVE-2018-7032 was published May 13, 2022

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue...
High, Unreviewed. CVE-2018-4106 was published May 13, 2022

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a...
High, Unreviewed. CVE-2018-18250 was published May 13, 2022

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated,...
High, Unreviewed. CVE-2018-0313 was published May 13, 2022

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a...
High, Unreviewed. CVE-2019-9614 was published May 13, 2022

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded...
High, Unreviewed. CVE-2015-8800 was published May 13, 2022

snipe-IT vulnerable to host header injection
High. CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022

Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows...
High, Unreviewed. CVE-2009-1781 was published May 2, 2022

Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via...
High, Unreviewed. CVE-2005-3750 was published May 1, 2022

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web...
High, Unreviewed. CVE-2004-1157 was published Apr 29, 2022

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An...
High, Unreviewed. CVE-2022-1509 was published Apr 29, 2022

Command injection in czproject/git-php
High. CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input...
High, Unreviewed. CVE-2011-4558 was published Apr 22, 2022

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability...
High, Unreviewed. CVE-2011-2538 was published Apr 22, 2022

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject...
High, Unreviewed. CVE-2022-27924 was published Apr 22, 2022