GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,504
Maven: 5,000+
npm: 4,149
NuGet: 735
pip: 3,949
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,906 advisories
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical, Unreviewed
CVE-2019-2645 was published May 24, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical, Unreviewed
CVE-2019-2658 was published May 24, 2022

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). The...
Critical, Unreviewed
CVE-2019-2699 was published May 24, 2022

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle...
Critical, Unreviewed
CVE-2019-2702 was published May 24, 2022

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an...
Critical, Unreviewed
CVE-2019-7304 was published May 24, 2022

LibreNMS arbitrary OS commands execution
Critical
CVE-2018-20434 was published for librenms/librenms (Composer) May 24, 2022

In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface...
Critical, Unreviewed
CVE-2019-7727 was published May 24, 2022

Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through...
Critical, Unreviewed
CVE-2018-18251 was published May 24, 2022

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of...
Critical, Unreviewed
CVE-2019-11217 was published May 24, 2022

A default username and password in Dentsply Sirona Sidexis 4.2 and possibly others allows an...
Critical, Unreviewed
CVE-2019-11081 was published May 24, 2022

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0...
Critical, Unreviewed
CVE-2019-3793 was published May 24, 2022

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An...
Critical, Unreviewed
CVE-2019-7214 was published May 24, 2022

The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO...
Critical, Unreviewed
CVE-2019-8993 was published May 24, 2022

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud...
Critical, Unreviewed
CVE-2019-9950 was published May 24, 2022

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud...
Critical, Unreviewed
CVE-2019-9951 was published May 24, 2022

Contao SQL injection in the backend and listing module
Critical
CVE-2017-16558 was published for contao/contao (Composer) May 24, 2022

A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac...
Critical, Unreviewed
CVE-2018-19442 was published May 24, 2022

EnvoyProxy Envoy Missing HTTP URL path normalization
Critical
CVE-2019-9901 was published for github.com/envoyproxy/envoy (Go) May 24, 2022

The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F...
Critical, Unreviewed
CVE-2018-14991 was published May 24, 2022

The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android...
Critical, Unreviewed
CVE-2018-14999 was published May 24, 2022

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated...
Critical, Unreviewed
CVE-2018-18286 was published May 24, 2022

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated...
Critical, Unreviewed
CVE-2018-18285 was published May 24, 2022

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an...
Critical, Unreviewed
CVE-2019-3801 was published May 24, 2022

A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The...
Critical, Unreviewed
CVE-2018-18512 was published May 24, 2022

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and...
Critical, Unreviewed
CVE-2019-11540 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.