GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
240,683 advisories
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows...
High | Unreviewed | CVE-2008-6326 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset...
Moderate | Unreviewed | CVE-2008-6240 was published May 17, 2022

Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative...
High | Unreviewed | CVE-2008-6300 was published May 17, 2022

Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote...
Moderate | Unreviewed | CVE-2008-6211 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote...
Moderate | Unreviewed | CVE-2008-6208 was published May 17, 2022

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious...
Critical | Unreviewed | CVE-2021-20236 was published May 24, 2022

Agentflow BPM enterprise management system has improper authentication. A remote attacker with...
High | Unreviewed | CVE-2022-39038 was published Nov 10, 2022

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote...
High | Unreviewed | CVE-2022-42786 was published Nov 10, 2022

mm-wiki is vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2021-40289 was published for github.com/phachon/mm-wiki (Go) Nov 10, 2022

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config...
High | Unreviewed | CVE-2022-3461 was published Nov 15, 2022

Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote...
High | Unreviewed | CVE-2010-1605 was published May 17, 2022

Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery...
High | Unreviewed | CVE-2010-1577 was published May 17, 2022

IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a...
High | Unreviewed | CVE-2010-1574 was published May 17, 2022

SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers...
High | Unreviewed | CVE-2010-1599 was published May 17, 2022

SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt...
High | Unreviewed | CVE-2010-1588 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal...
Low | Unreviewed | CVE-2010-1584 was published May 17, 2022

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and...
High | Unreviewed | CVE-2021-3115 was published May 24, 2022

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will...
High | Unreviewed | CVE-2018-7580 was published May 24, 2022

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of...
High | Unreviewed | CVE-2020-13585 was published May 24, 2022

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the...
High | Unreviewed | CVE-2020-13987 was published May 24, 2022

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an...
High | Unreviewed | CVE-2020-0404 was published May 24, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21013 was published May 24, 2022

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi...
Moderate | Unreviewed | CVE-2020-12262 was published May 24, 2022

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating...
Critical | Unreviewed | CVE-2020-26201 was published May 24, 2022

In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper...
Low | Unreviewed | CVE-2020-0368 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.