GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,388
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,752
Maven 4,982
npm 3,516
NuGet 609
pip 3,090
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,456

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

18,809 advisories

Filter by severity

Sort by

Least recently updated

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type... Critical Unreviewed

CVE-2018-18887 was published May 14, 2022

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as... Critical Unreviewed

CVE-2017-8248 was published May 14, 2022

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code... Critical Unreviewed

CVE-2018-1149 was published May 14, 2022

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl... Critical Unreviewed

CVE-2018-18928 was published May 14, 2022

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5,... Critical Unreviewed

CVE-2016-10191 was published May 14, 2022

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote... Critical Unreviewed

CVE-2018-19692 was published May 14, 2022

Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption... Critical Unreviewed

CVE-2018-5186 was published May 14, 2022

LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks... Critical Unreviewed

CVE-2018-16168 was published May 14, 2022

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL... Critical Unreviewed

CVE-2018-13350 was published May 14, 2022

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340,... Critical Unreviewed

CVE-2018-7241 was published May 14, 2022

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers... Critical Unreviewed

CVE-2018-13315 was published May 14, 2022

An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main... Critical Unreviewed

CVE-2018-19557 was published May 14, 2022

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the... Critical Unreviewed

CVE-2018-19559 was published May 14, 2022

Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. Critical Unreviewed

CVE-2018-17243 was published May 14, 2022

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. Critical Unreviewed

CVE-2018-18792 was published May 14, 2022

Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. Critical Unreviewed

CVE-2018-18861 was published May 14, 2022

ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request... Critical Unreviewed

CVE-2016-10731 was published May 14, 2022

SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. Critical Unreviewed

CVE-2018-18763 was published May 14, 2022

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because... Critical Unreviewed

CVE-2018-19530 was published May 14, 2022

Library Management System 1.0 has SQL Injection via the "Search for Books" screen. Critical Unreviewed

CVE-2018-18796 was published May 14, 2022

Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. Critical Unreviewed

CVE-2018-18822 was published May 14, 2022

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because... Critical Unreviewed

CVE-2018-19531 was published May 14, 2022

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by... Critical Unreviewed

CVE-2018-14957 was published May 14, 2022

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an... Critical Unreviewed

CVE-2018-15540 was published May 14, 2022

XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser... Critical Unreviewed

CVE-2018-1000830 was published May 14, 2022

Previous 1 2 … 396 397 398 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

18,809 advisories