GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to...
Critical | Unreviewed | CVE-2016-3957 was published May 14, 2022

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute...
Critical | Unreviewed | CVE-2018-19864 was published May 14, 2022

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2...
Critical | Unreviewed | CVE-2018-1000005 was published May 14, 2022

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2....
Critical | Unreviewed | CVE-2018-12356 was published May 14, 2022

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require...
Critical | Unreviewed | CVE-2019-3859 was published May 14, 2022

In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to...
Critical | Unreviewed | CVE-2016-10714 was published May 14, 2022

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot...
Critical | Unreviewed | CVE-2016-5762 was published May 14, 2022

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x...
Critical | Unreviewed | CVE-2016-5022 was published May 14, 2022

Apache Camel camel-hessian component vulnerable to Java object deserialization
Critical | CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) May 14, 2022

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function...
Critical | Unreviewed | CVE-2018-8788 was published May 14, 2022

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions...
Critical | Unreviewed | CVE-2018-7780 was published May 14, 2022

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers...
Critical | Unreviewed | CVE-2016-2008 was published May 14, 2022

D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical | Unreviewed | CVE-2022-28958 was published May 19, 2022

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to...
Critical | Unreviewed | CVE-2022-29776 was published Jun 3, 2022

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC...
Critical | Unreviewed | CVE-2019-4169 was published May 24, 2022

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP...
Critical | Unreviewed | CVE-2015-5739 was published May 14, 2022

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox...
Critical | Unreviewed | CVE-2019-10063 was published May 14, 2022

Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8...
Critical | Unreviewed | CVE-2017-17108 was published May 14, 2022

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin...
Critical | Unreviewed | CVE-2022-44351 was published Dec 7, 2022

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
Critical | Unreviewed | CVE-2022-44371 was published Dec 7, 2022

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that...
Critical | Unreviewed | CVE-2018-20162 was published May 14, 2022

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web...
Critical | Unreviewed | CVE-2018-18258 was published May 14, 2022

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2...
Critical | Unreviewed | CVE-2019-8375 was published May 14, 2022

The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers...
Critical | Unreviewed | CVE-2015-7988 was published May 14, 2022

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File...
Critical | Unreviewed | CVE-2019-6714 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.