GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
CVE-2017-2320 (Critical, Unreviewed, published May 13, 2022): A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0...
CVE-2022-28721 (Critical, Unreviewed, published Sep 27, 2022): Certain HP Print Products are potentially vulnerable to Remote Code Execution.
CVE-2017-18129 (Critical, Unreviewed, published May 13, 2022): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and...
CVE-2017-18130 (Critical, Unreviewed, published May 13, 2022): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon...
CVE-2017-16935 (Critical, Unreviewed, published May 13, 2022): Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which...
CVE-2017-15597 (Critical, Unreviewed, published May 13, 2022): An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any...
CVE-2017-15877 (Critical, Unreviewed, published May 13, 2022): Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view...
CVE-2017-16885 (Critical, Unreviewed, published May 13, 2022): Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended...
CVE-2017-16924 (Critical, Unreviewed, published May 13, 2022): Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10...
CVE-2017-18044 (Critical, Unreviewed, published May 13, 2022): A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before...
CVE-2022-2314 (Critical, Unreviewed, published Aug 16, 2022): The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on...
CVE-2020-27602 (Critical, Unreviewed, published Sep 30, 2022): BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in...
CVE-2017-15295 (Critical, Unreviewed, published May 13, 2022): Xpress Server in SAP POS does not require authentication for read/write/delete file access. This...
CVE-2017-16562 (Critical, Unreviewed, published May 13, 2022): The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username,...
CVE-2017-17759 (Critical, Unreviewed, published May 13, 2022): Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration...
CVE-2017-16780 (Critical, Unreviewed, published May 13, 2022): The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing...
CVE-2017-15226 (Critical, Unreviewed, published May 13, 2022): Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because...
CVE-2017-17301 (Critical, Unreviewed, published May 13, 2022): Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20,...
CVE-2017-17794 (Critical, Unreviewed, published May 13, 2022): validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to...
CVE-2020-35674 (Critical, Unreviewed, published Sep 30, 2022): BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in...
CVE-2017-1710 (Critical, Unreviewed, published May 13, 2022): A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a...
CVE-2017-14910 (Critical, Unreviewed, published May 13, 2022): In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A,...
CVE-2017-15032 (Critical, Unreviewed, published May 13, 2022): ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2017-14942 (Critical, Unreviewed, published May 13, 2022): Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently...
CVE-2017-16926 (Critical, Unreviewed, published May 13, 2022): Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell...
ProTip! Advisories are also available from the GraphQL API.