GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type...
CVE-2018-18887 (Critical, Unreviewed) was published May 14, 2022

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as...
CVE-2017-8248 (Critical, Unreviewed) was published May 14, 2022

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code...
CVE-2018-1149 (Critical, Unreviewed) was published May 14, 2022

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl...
CVE-2018-18928 (Critical, Unreviewed) was published May 14, 2022

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5,...
CVE-2016-10191 (Critical, Unreviewed) was published May 14, 2022

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote...
CVE-2018-19692 (Critical, Unreviewed) was published May 14, 2022

Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption...
CVE-2018-5186 (Critical, Unreviewed) was published May 14, 2022

LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks...
CVE-2018-16168 (Critical, Unreviewed) was published May 14, 2022

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL...
CVE-2018-13350 (Critical, Unreviewed) was published May 14, 2022

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340,...
CVE-2018-7241 (Critical, Unreviewed) was published May 14, 2022

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers...
CVE-2018-13315 (Critical, Unreviewed) was published May 14, 2022

An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main...
CVE-2018-19557 (Critical, Unreviewed) was published May 14, 2022

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the...
CVE-2018-19559 (Critical, Unreviewed) was published May 14, 2022

Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
CVE-2018-17243 (Critical, Unreviewed) was published May 14, 2022

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
CVE-2018-18792 (Critical, Unreviewed) was published May 14, 2022

Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.
CVE-2018-18861 (Critical, Unreviewed) was published May 14, 2022

ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request...
CVE-2016-10731 (Critical, Unreviewed) was published May 14, 2022

SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
CVE-2018-18763 (Critical, Unreviewed) was published May 14, 2022

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because...
CVE-2018-19530 (Critical, Unreviewed) was published May 14, 2022

Library Management System 1.0 has SQL Injection via the "Search for Books" screen.
CVE-2018-18796 (Critical, Unreviewed) was published May 14, 2022

Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVE-2018-18822 (Critical, Unreviewed) was published May 14, 2022

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because...
CVE-2018-19531 (Critical, Unreviewed) was published May 14, 2022

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by...
CVE-2018-14957 (Critical, Unreviewed) was published May 14, 2022

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an...
CVE-2018-15540 (Critical, Unreviewed) was published May 14, 2022

XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser...
CVE-2018-1000830 (Critical, Unreviewed) was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.