GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 ...
Critical | Unreviewed | CVE-2019-15699 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table...
Critical | Unreviewed | CVE-2019-16692 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when...
Critical | Unreviewed | CVE-2019-16695 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when...
Critical | Unreviewed | CVE-2019-16693 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter...
Critical | Unreviewed | CVE-2019-16694 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when...
Critical | Unreviewed | CVE-2019-16696 was published May 24, 2022

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
Critical | Unreviewed | CVE-2018-21018 was published May 24, 2022

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing...
Critical | Unreviewed | CVE-2019-16656 was published May 24, 2022

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x...
Critical | Unreviewed | CVE-2019-5521 was published May 24, 2022

An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the...
Critical | Unreviewed | CVE-2019-14914 was published May 24, 2022

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability....
Critical | Unreviewed | CVE-2019-3758 was published May 24, 2022

The specific fields of CGI interface of some Dahua products are not strictly verified, an...
Critical | Unreviewed | CVE-2019-9677 was published May 24, 2022

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are...
Critical | Unreviewed | CVE-2019-5066 was published May 24, 2022

A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm...
Critical | Unreviewed | CVE-2019-15301 was published May 24, 2022

An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well...
Critical | Unreviewed | CVE-2019-14254 was published May 24, 2022

In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an...
Critical | Unreviewed | CVE-2019-13550 was published May 24, 2022

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501...
Critical | Unreviewed | CVE-2019-6837 was published May 24, 2022

A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX...
Critical | Unreviewed | CVE-2019-6840 was published May 24, 2022

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by...
Critical | Unreviewed | CVE-2019-16199 was published May 24, 2022

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2...
Critical | Unreviewed | CVE-2018-7820 was published May 24, 2022

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Critical | Unreviewed | CVE-2019-5482 was published May 24, 2022

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in...
Critical | Unreviewed | CVE-2019-16366 was published May 24, 2022

In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)...
Critical | Unreviewed | CVE-2019-16264 was published May 24, 2022

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with...
Critical | Unreviewed | CVE-2019-15741 was published May 24, 2022

The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because...
Critical | Unreviewed | CVE-2016-10971 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.