GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
100,303 advisories
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts...
Moderate
Unreviewed
CVE-2019-16664 was published May 24, 2022
Ogma CMS 0.5 has XSS via creation of a new blog.
Moderate
Unreviewed
CVE-2019-16661 was published May 24, 2022
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article...
Moderate
Unreviewed
CVE-2019-16657 was published May 24, 2022
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to...
Moderate
Unreviewed
CVE-2019-14916 was published May 24, 2022
An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This...
Moderate
Unreviewed
CVE-2019-14915 was published May 24, 2022
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output...
Moderate
Unreviewed
CVE-2019-14911 was published May 24, 2022
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto...
Moderate
Unreviewed
CVE-2019-14912 was published May 24, 2022
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2....
Moderate
Unreviewed
CVE-2019-11327 was published May 24, 2022
Prospecta Master Data Online (MDO) allows CSRF.
Moderate
Unreviewed
CVE-2018-17789 was published May 24, 2022
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because...
Moderate
Unreviewed
CVE-2015-9390 was published May 24, 2022
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
Moderate
Unreviewed
CVE-2015-9388 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of...
Moderate
Unreviewed
CVE-2019-3738 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing...
Moderate
Unreviewed
CVE-2019-3739 was published May 24, 2022
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.
Moderate
Unreviewed
CVE-2015-9387 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through...
Moderate
Unreviewed
CVE-2019-3740 was published May 24, 2022
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill...
Moderate
Unreviewed
CVE-2019-16525 was published May 24, 2022
An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment...
Moderate
Unreviewed
CVE-2019-16511 was published May 24, 2022
If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last...
Moderate
Unreviewed
CVE-2019-11778 was published May 24, 2022
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0...
Moderate
Unreviewed
CVE-2018-1847 was published May 24, 2022
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an...
Moderate
Unreviewed
CVE-2019-12620 was published May 24, 2022
Online upgrade information in some firmware packages of Dahua products is not encrypted....
Moderate
Unreviewed
CVE-2019-9681 was published May 24, 2022
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache...
Moderate
Unreviewed
CVE-2019-14826 was published May 24, 2022
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0,...
Moderate
Unreviewed
CVE-2019-13542 was published May 24, 2022
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music...
Moderate
Unreviewed
CVE-2016-10992 was published May 24, 2022
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php...
Moderate
Unreviewed
CVE-2016-10983 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.