GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,799 advisories
Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many...
Critical | Unreviewed | CVE-2019-15784 was published May 24, 2022
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc.
Critical | Unreviewed | CVE-2019-15783 was published May 24, 2022
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket.
Critical | Unreviewed | CVE-2019-15786 was published May 24, 2022
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in...
Critical | Unreviewed | CVE-2019-15788 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses...
Critical | Unreviewed | CVE-2019-14943 was published May 24, 2022
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure...
Critical | Unreviewed | CVE-2019-13405 was published May 24, 2022
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up...
Critical | Unreviewed | CVE-2019-11064 was published May 24, 2022
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to...
Critical | Unreviewed | CVE-2018-21007 was published May 24, 2022
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could...
Critical | Unreviewed | CVE-2019-12643 was published May 24, 2022
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade,...
Critical | Unreviewed | CVE-2019-15294 was published May 24, 2022
Various Lexmark products have Incorrect Access Control.
Critical | Unreviewed | CVE-2019-10058 was published May 24, 2022
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src...
Critical | Unreviewed | CVE-2019-15651 was published May 24, 2022
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE...
Critical | Unreviewed | CVE-2019-15659 was published May 24, 2022
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.10 for...
Critical | Unreviewed | CVE-2019-14314 was published May 24, 2022
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component...
Critical | Unreviewed | CVE-2019-13486 was published May 24, 2022
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
Critical | Unreviewed | CVE-2019-15646 was published May 24, 2022
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer...
Critical | Unreviewed | CVE-2019-13485 was published May 24, 2022
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert...
Critical | Unreviewed | CVE-2019-13455 was published May 24, 2022
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
Critical | Unreviewed | CVE-2019-13452 was published May 24, 2022
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of ...
Critical | Unreviewed | CVE-2019-13484 was published May 24, 2022
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The...
Critical | Unreviewed | CVE-2019-13273 was published May 24, 2022
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
Critical | Unreviewed | CVE-2019-13451 was published May 24, 2022
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
Critical | Unreviewed | CVE-2016-10935 was published May 24, 2022
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.
Critical | Unreviewed | CVE-2018-21005 was published May 24, 2022
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
Critical | Unreviewed | CVE-2018-21003 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.