GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders...
Critical, Unreviewed: CVE-2017-11139 was published May 14, 2022
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001...
Critical, Unreviewed: CVE-2018-11228 was published May 14, 2022
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer:...
Critical, Unreviewed: CVE-2019-10664 was published May 14, 2022
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite...
Critical, Unreviewed: CVE-2017-7774 was published May 14, 2022
The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.
Critical, Unreviewed: CVE-2019-7412 was published May 14, 2022
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp...
Critical, Unreviewed: CVE-2018-18018 was published May 14, 2022
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
Critical, Unreviewed: CVE-2019-8979 was published May 14, 2022
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH...
Critical, Unreviewed: CVE-2022-35843 was published Dec 6, 2022
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to...
Critical, Unreviewed: CVE-2017-1000493 was published May 14, 2022
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored...
Critical, Unreviewed: CVE-2022-46332 was published Dec 6, 2022
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows...
Critical, Unreviewed: CVE-2014-3990 was published May 14, 2022
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors...
Critical, Unreviewed: CVE-2016-7443 was published May 14, 2022
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote...
Critical, Unreviewed: CVE-2019-9184 was published May 14, 2022
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components...
Critical, Unreviewed: CVE-2016-7415 was published May 14, 2022
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before...
Critical, Unreviewed: CVE-2014-9654 was published May 14, 2022
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in...
Critical, Unreviewed: CVE-2014-9911 was published May 14, 2022
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C...
Critical, Unreviewed: CVE-2017-17484 was published May 14, 2022
A memory corruption issue was addressed with improved input validation. This issue affected...
Critical, Unreviewed: CVE-2018-4367 was published May 14, 2022
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x...
Critical, Unreviewed: CVE-2015-4603 was published May 14, 2022
An input validation issue was addressed with improved input validation. This issue affected...
Critical, Unreviewed: CVE-2018-4295 was published May 14, 2022
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL...
Critical, Unreviewed: CVE-2019-6506 was published May 14, 2022
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php...
Critical, Unreviewed: CVE-2018-18798 was published May 14, 2022
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of ...
Critical, Unreviewed: CVE-2018-19595 was published May 14, 2022
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the...
Critical, Unreviewed: CVE-2019-10647 was published May 14, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the...
Critical, Unreviewed: CVE-2018-19488 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API