GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 37
GitHub Actions: 36
Go: 2,500
Maven: 5,000+
npm: 4,147
NuGet: 735
pip: 3,948
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,879 advisories

Thecus 4800Eco was discovered to contain a command injection vulnerability via the username...
Critical | Unreviewed | CVE-2021-34111 was published May 21, 2022

Unescaped control characters in Gitblit
Critical | CVE-2022-31267 was published for com.gitblit:gitblit (Maven) May 22, 2022

Access control bypass in beego
Critical | CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
Critical | Unreviewed | CVE-2022-1813 was published May 23, 2022

Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are...
Critical | Unreviewed | CVE-2021-32941 was published May 24, 2022

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS...
Critical | Unreviewed | CVE-2022-1467 was published May 24, 2022

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes...
Critical | Unreviewed | CVE-2021-32935 was published May 24, 2022

Publify vulnerable to cross site scripting
Critical | CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022

D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
Critical | Unreviewed | CVE-2022-28932 was published May 24, 2022

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before...
Critical | Unreviewed | CVE-2022-0781 was published May 24, 2022

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied...
Critical | Unreviewed | CVE-2022-1014 was published May 24, 2022

Command injection in Apache Maven maven-shared-utils
Critical | CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the...
Critical | Unreviewed | CVE-2019-11322 was published May 24, 2022

In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch...
Critical | Unreviewed | CVE-2019-11320 was published May 24, 2022

Sandbox bypass in ontrack Jenkins Plugin
Critical | CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the...
Critical | Unreviewed | CVE-2019-11319 was published May 24, 2022

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2...
Critical | Unreviewed | CVE-2019-11034 was published May 24, 2022

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2...
Critical | Unreviewed | CVE-2019-11035 was published May 24, 2022

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress...
Critical | Unreviewed | CVE-2019-11223 was published May 24, 2022

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code...
Critical | Unreviewed | CVE-2019-9161 was published May 24, 2022

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account...
Critical | Unreviewed | CVE-2019-9160 was published May 24, 2022

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading...
Critical | Unreviewed | CVE-2019-11344 was published May 24, 2022

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows...
Critical | Unreviewed | CVE-2019-11350 was published May 24, 2022

In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This...
Critical | Unreviewed | CVE-2019-2030 was published May 24, 2022

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is...
Critical | Unreviewed | CVE-2018-20817 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.