GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the...
Critical, Unreviewed: CVE-2018-19488 was published May 14, 2022

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
Critical, Unreviewed: CVE-2018-20664 was published May 14, 2022

IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An...
Critical, Unreviewed: CVE-2019-4178 was published May 14, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Critical, Unreviewed: CVE-2019-9174 was published May 14, 2022

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25...
Critical, Unreviewed: CVE-2016-7447 was published May 14, 2022

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote...
Critical, Unreviewed: CVE-2016-7446 was published May 14, 2022

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP...
Critical, Unreviewed: CVE-2019-3858 was published May 14, 2022

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with...
Critical, Unreviewed: CVE-2019-3860 was published May 14, 2022

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes...
Critical, Unreviewed: CVE-2015-7669 was published May 14, 2022

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way...
Critical, Unreviewed: CVE-2019-3862 was published May 14, 2022

IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote...
Critical, Unreviewed: CVE-2016-8964 was published May 14, 2022

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable...
Critical, Unreviewed: CVE-2018-12178 was published May 14, 2022

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to...
Critical, Unreviewed: CVE-2019-6713 was published May 14, 2022

On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1...
Critical, Unreviewed: CVE-2018-19300 was published May 14, 2022

The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4...
Critical, Unreviewed: CVE-2019-11014 was published May 14, 2022

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a...
Critical, Unreviewed: CVE-2018-19282 was published May 14, 2022

A configuration issue was addressed with additional restrictions. This issue affected versions...
Critical, Unreviewed: CVE-2018-4353 was published May 14, 2022

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded...
Critical, Unreviewed: CVE-2019-10479 was published May 14, 2022

ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02...
Critical, Unreviewed: CVE-2019-10011 was published May 14, 2022

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud...
Critical, Unreviewed: CVE-2016-4616 was published May 14, 2022

In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on...
Critical, Unreviewed: CVE-2017-13283 was published May 14, 2022

htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause...
Critical, Unreviewed: CVE-2018-10243 was published May 14, 2022

XXE issue in Airsonic before 10.1.2 during parse.
Critical, Unreviewed: CVE-2018-20222 was published May 14, 2022

PaddlePaddle Out-of-bounds Read vulnerability
Critical: CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability...
Critical, Unreviewed: CVE-2022-45010 was published Dec 7, 2022
ProTip! Advisories are also available from the GraphQL API