GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script,...
Critical
Unreviewed
CVE-2019-9855 was published May 24, 2022
Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension...
Critical
Unreviewed
CVE-2019-11926 was published May 24, 2022
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing...
Critical
Unreviewed
CVE-2019-15846 was published May 24, 2022
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and...
Critical
Unreviewed
CVE-2019-13656 was published May 24, 2022
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and...
Critical
Unreviewed
CVE-2019-15102 was published May 24, 2022
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where...
Critical
Unreviewed
CVE-2019-14813 was published May 24, 2022
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl...
Critical
Unreviewed
CVE-2016-7398 was published May 24, 2022
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension...
Critical
Unreviewed
CVE-2019-11925 was published May 24, 2022
hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via...
Critical
Unreviewed
CVE-2019-10892 was published May 24, 2022
D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing...
Critical
Unreviewed
CVE-2019-10891 was published May 24, 2022
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network...
Critical
Unreviewed
CVE-2019-1976 was published May 24, 2022
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an...
Critical
Unreviewed
CVE-2019-13187 was published May 24, 2022
In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the...
Critical
Unreviewed
CVE-2019-13188 was published May 24, 2022
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4,...
Critical
Unreviewed
CVE-2019-6644 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the...
Critical
Unreviewed
CVE-2019-15926 was published May 24, 2022
eGain Chat 15.0.3 allows unrestricted file upload.
Critical
Unreviewed
CVE-2019-13976 was published May 24, 2022
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated...
Critical
Unreviewed
CVE-2019-10709 was published May 24, 2022
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x...
Critical
Unreviewed
CVE-2019-10197 was published May 24, 2022
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.
Critical
Unreviewed
CVE-2019-15872 was published May 24, 2022
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before...
Critical
Unreviewed
CVE-2019-5608 was published May 24, 2022
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory...
Critical
Unreviewed
CVE-2019-15822 was published May 24, 2022
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Critical
Unreviewed
CVE-2019-15825 was published May 24, 2022
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Critical
Unreviewed
CVE-2019-15824 was published May 24, 2022
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Critical
Unreviewed
CVE-2019-15823 was published May 24, 2022
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in...
Critical
Unreviewed
CVE-2019-15826 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.