GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical | CVE-2019-16303 was published for generator-jhipster-kotlin (npm) Jun 26, 2020
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight...
Critical | Unreviewed | CVE-2023-0245 was published Jan 12, 2023
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to...
Critical | Unreviewed | CVE-2022-48253 was published Jan 11, 2023
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function...
Critical | Unreviewed | CVE-2023-0243 was published Jan 12, 2023
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ...
Critical | Unreviewed | CVE-2017-16325 was published Jan 12, 2023
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ...
Critical | Unreviewed | CVE-2017-16295 was published Jan 12, 2023
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ...
Critical | Unreviewed | CVE-2017-16296 was published Jan 12, 2023
phpMyFAQ Improper Authentication vulnerability
Critical | CVE-2023-0311 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Publify Improper Input Validation vulnerability
Critical | CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
thenify before 3.3.1 made use of unsafe calls to `eval`.
Critical | CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP...
Critical | Unreviewed | CVE-2018-18439 was published May 14, 2022
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Critical | GHSA-xr8x-pxm6-prjg was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher (Maven) Jan 23, 2023
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before...
Critical | Unreviewed | CVE-2016-4174 was published May 14, 2022
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before...
Critical | Unreviewed | CVE-2016-4173 was published May 14, 2022
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free...
Critical | Unreviewed | CVE-2017-3003 was published May 14, 2022
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free...
Critical | Unreviewed | CVE-2017-3001 was published May 14, 2022
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption...
Critical | Unreviewed | CVE-2017-2999 was published May 14, 2022
papercrop does not properly handle crop input
Critical | CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
OS Command Injection in awesome spawn
Critical | CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to...
Critical | Unreviewed | CVE-2022-4101 was published Jan 16, 2023
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be...
Critical | Unreviewed | CVE-2022-4060 was published Jan 16, 2023
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp....
Critical | Unreviewed | CVE-2022-4890 was published Jan 16, 2023
A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This...
Critical | Unreviewed | CVE-2014-125077 was published Jan 15, 2023
Integer overflow in publify_core
Critical | CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical....
Critical | Unreviewed | CVE-2015-10057 was published Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API.