GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23,458 advisories
Boa 0.94.14rc21 is vulnerable to SQL Injection via username.
Critical | Unreviewed | CVE-2022-44117 was published Nov 23, 2022

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.
Critical | Unreviewed | CVE-2022-44118 was published Nov 23, 2022

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.
Critical | Unreviewed | CVE-2022-43196 was published Nov 23, 2022

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter...
Critical | Unreviewed | CVE-2022-44250 was published Nov 23, 2022

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter...
Critical | Unreviewed | CVE-2022-44249 was published Nov 23, 2022

Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.
Critical | Unreviewed | CVE-2022-44139 was published Nov 23, 2022

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter...
Critical | Unreviewed | CVE-2022-44252 was published Nov 23, 2022

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main...
Critical | Unreviewed | CVE-2022-44255 was published Nov 23, 2022

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in...
Critical | Unreviewed | CVE-2022-44251 was published Nov 23, 2022

SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.
Critical | Unreviewed | CVE-2021-35284 was published Nov 23, 2022

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when...
Critical | Unreviewed | CVE-2020-23584 was published Nov 23, 2022

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the...
Critical | Unreviewed | CVE-2020-23583 was published Nov 23, 2022

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1...
Critical | Unreviewed | CVE-2020-23591 was published Nov 23, 2022

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id...
Critical | Unreviewed | CVE-2022-43213 was published Nov 23, 2022

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access...
Critical | Unreviewed | CVE-2022-39070 was published Nov 22, 2022

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical | Unreviewed | CVE-2022-43212 was published Nov 22, 2022

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter...
Critical | Unreviewed | CVE-2022-44188 was published Nov 22, 2022

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.
Critical | Unreviewed | CVE-2022-44191 was published Nov 22, 2022

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters:...
Critical | Unreviewed | CVE-2022-44193 was published Nov 22, 2022

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.
Critical | Unreviewed | CVE-2022-44199 was published Nov 22, 2022

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters:...
Critical | Unreviewed | CVE-2022-44200 was published Nov 22, 2022

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.
Critical | Unreviewed | CVE-2022-44198 was published Nov 22, 2022

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.
Critical | Unreviewed | CVE-2022-44196 was published Nov 22, 2022

ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability...
Critical | Unreviewed | CVE-2022-42989 was published Nov 22, 2022

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.
Critical | Unreviewed | CVE-2022-44190 was published Nov 22, 2022
ProTip! Advisories are also available from the GraphQL API.