Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,457 advisories

Loading
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. Critical Unreviewed
CVE-2022-44175 was published Nov 21, 2022
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. Critical Unreviewed
CVE-2022-44176 was published Nov 21, 2022
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. Critical Unreviewed
CVE-2022-44177 was published Nov 21, 2022
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. Critical Unreviewed
CVE-2022-44172 was published Nov 21, 2022
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. Critical Unreviewed
CVE-2022-44183 was published Nov 21, 2022
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. Critical Unreviewed
CVE-2022-44178 was published Nov 21, 2022
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. Critical Unreviewed
CVE-2022-44171 was published Nov 21, 2022
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden... Critical Unreviewed
CVE-2021-24649 was published Nov 21, 2022
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output... Critical Unreviewed
CVE-2022-3600 was published Nov 21, 2022
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when... Critical Unreviewed
CVE-2022-3634 was published Nov 21, 2022
Carel Boss Mini 1.5.0 has Improper Access Control. Critical Unreviewed
CVE-2022-34827 was published Nov 19, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be... Critical Unreviewed
CVE-2022-45132 was published Nov 19, 2022
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. Critical Unreviewed
CVE-2022-44584 was published Nov 19, 2022
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. Critical Unreviewed
CVE-2022-42497 was published Nov 19, 2022
Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1... Critical Unreviewed
CVE-2022-42698 was published Nov 19, 2022
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. Critical Unreviewed
CVE-2022-41155 was published Nov 19, 2022
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. Critical Unreviewed
CVE-2022-41840 was published Nov 18, 2022
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. Critical Unreviewed
CVE-2022-41652 was published Nov 18, 2022
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. Critical Unreviewed
CVE-2022-41781 was published Nov 18, 2022
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. Critical Unreviewed
CVE-2022-45474 was published Nov 18, 2022
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. Critical Unreviewed
CVE-2022-44204 was published Nov 18, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the... Critical Unreviewed
CVE-2022-44001 was published Nov 18, 2022
Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get... Critical Unreviewed
CVE-2022-36787 was published Nov 18, 2022
DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers ... Critical Unreviewed
CVE-2022-36786 was published Nov 18, 2022
WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5). Critical Unreviewed
CVE-2022-38165 was published Nov 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database