Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,750 advisories

Loading
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. Critical Unreviewed
CVE-2019-9548 was published May 24, 2022
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated... Critical Unreviewed
CVE-2019-8385 was published May 24, 2022
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an... Critical Unreviewed
CVE-2019-9642 was published May 24, 2022
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com... Critical Unreviewed
CVE-2018-10171 was published May 24, 2022
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4... Critical Unreviewed
CVE-2019-3723 was published May 24, 2022
An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and... Critical Unreviewed
CVE-2019-12135 was published May 24, 2022
Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No... Critical Unreviewed
CVE-2019-11523 was published May 24, 2022
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET... Critical Unreviewed
CVE-2018-10698 was published May 24, 2022
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through... Critical Unreviewed
CVE-2018-20091 was published May 24, 2022
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL... Critical Unreviewed
CVE-2019-12598 was published May 24, 2022
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL... Critical Unreviewed
CVE-2019-12600 was published May 24, 2022
A security regression of CVE-2019-9636 was discovered in python since commit... Critical Unreviewed
CVE-2019-10160 was published May 24, 2022
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL... Critical Unreviewed
CVE-2019-12601 was published May 24, 2022
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi... Critical Unreviewed
CVE-2019-12771 was published May 24, 2022
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. Critical Unreviewed
CVE-2019-12599 was published May 24, 2022
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with... Critical Unreviewed
CVE-2019-12776 was published May 24, 2022
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to... Critical Unreviewed
CVE-2019-2097 was published May 24, 2022
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. Critical Unreviewed
CVE-2019-9086 was published May 24, 2022
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. Critical Unreviewed
CVE-2019-9087 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the... Critical Unreviewed
CVE-2018-20353 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability in the... Critical Unreviewed
CVE-2018-20356 was published May 24, 2022
An invalid write of 8 bytes due to a use-after-free vulnerability in the... Critical Unreviewed
CVE-2018-20355 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the... Critical Unreviewed
CVE-2018-20354 was published May 24, 2022
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the... Critical Unreviewed
CVE-2019-12780 was published May 24, 2022
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with... Critical Unreviewed
CVE-2019-9879 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API