GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,388
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,752
Maven 4,982
npm 3,516
NuGet 609
pip 3,090
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,456

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

18,809 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 ... Critical Unreviewed

CVE-2019-15699 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table... Critical Unreviewed

CVE-2019-16692 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when... Critical Unreviewed

CVE-2019-16695 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when... Critical Unreviewed

CVE-2019-16693 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter... Critical Unreviewed

CVE-2019-16694 was published May 24, 2022

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when... Critical Unreviewed

CVE-2019-16696 was published May 24, 2022

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. Critical Unreviewed

CVE-2018-21018 was published May 24, 2022

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing... Critical Unreviewed

CVE-2019-16656 was published May 24, 2022

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x... Critical Unreviewed

CVE-2019-5521 was published May 24, 2022

An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the... Critical Unreviewed

CVE-2019-14914 was published May 24, 2022

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability.... Critical Unreviewed

CVE-2019-3758 was published May 24, 2022

The specific fields of CGI interface of some Dahua products are not strictly verified, an... Critical Unreviewed

CVE-2019-9677 was published May 24, 2022

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are... Critical Unreviewed

CVE-2019-5066 was published May 24, 2022

A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm... Critical Unreviewed

CVE-2019-15301 was published May 24, 2022

An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well... Critical Unreviewed

CVE-2019-14254 was published May 24, 2022

In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an... Critical Unreviewed

CVE-2019-13550 was published May 24, 2022

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501... Critical Unreviewed

CVE-2019-6837 was published May 24, 2022

A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX... Critical Unreviewed

CVE-2019-6840 was published May 24, 2022

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by... Critical Unreviewed

CVE-2019-16199 was published May 24, 2022

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2... Critical Unreviewed

CVE-2018-7820 was published May 24, 2022

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Critical Unreviewed

CVE-2019-5482 was published May 24, 2022

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in... Critical Unreviewed

CVE-2019-16366 was published May 24, 2022

In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)... Critical Unreviewed

CVE-2019-16264 was published May 24, 2022

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with... Critical Unreviewed

CVE-2019-15741 was published May 24, 2022

The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because... Critical Unreviewed

CVE-2016-10971 was published May 24, 2022

Previous 1 2 … 394 395 396 397 398 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

18,809 advisories