GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via ...
Critical | Unreviewed | CVE-2019-16314 was published May 24, 2022

FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.
Critical | Unreviewed | CVE-2019-16309 was published May 24, 2022

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The...
Critical | Unreviewed | CVE-2019-13923 was published May 24, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)....
Critical | Unreviewed | CVE-2019-13918 was published May 24, 2022

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially...
Critical | Unreviewed | CVE-2019-13548 was published May 24, 2022

A remote code execution vulnerability is present in network-listening components in some versions...
Critical | Unreviewed | CVE-2018-7081 was published May 24, 2022

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction...
Critical | Unreviewed | CVE-2019-6005 was published May 24, 2022

Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/...
Critical | Unreviewed | CVE-2019-16261 was published May 24, 2022

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ...
Critical | Unreviewed | CVE-2019-3638 was published May 24, 2022

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a...
Critical | Unreviewed | CVE-2019-14237 was published May 24, 2022

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices,...
Critical | Unreviewed | CVE-2019-14236 was published May 24, 2022

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE...
Critical | Unreviewed | CVE-2019-11898 was published May 24, 2022

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is...
Critical | Unreviewed | CVE-2019-0189 was published May 24, 2022

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field...
Critical | Unreviewed | CVE-2019-10074 was published May 24, 2022

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated...
Critical | Unreviewed | CVE-2019-3975 was published May 24, 2022

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import...
Critical | Unreviewed | CVE-2019-15896 was published May 24, 2022

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a...
Critical | Unreviewed | CVE-2019-14457 was published May 24, 2022

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
Critical | Unreviewed | CVE-2019-10256 was published May 24, 2022

Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network...
Critical | Unreviewed | CVE-2019-11495 was published May 24, 2022

upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote...
Critical | Unreviewed | CVE-2019-16192 was published May 24, 2022

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey...
Critical | Unreviewed | CVE-2019-16184 was published May 24, 2022

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR...
Critical | Unreviewed | CVE-2019-16190 was published May 24, 2022

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
Critical | Unreviewed | CVE-2019-16093 was published May 24, 2022

Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
Critical | Unreviewed | CVE-2019-16092 was published May 24, 2022

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for...
Critical | Unreviewed | CVE-2019-16102 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.