GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently...
Critical | Unreviewed | CVE-2018-5955 was published May 14, 2022

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an...
Critical | Unreviewed | CVE-2018-7548 was published May 14, 2022

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a...
Critical | Unreviewed | CVE-2018-12882 was published May 14, 2022

A use-after-free vulnerability can occur after deleting a selection element due to a weak...
Critical | Unreviewed | CVE-2018-18492 was published May 14, 2022

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively....
Critical | Unreviewed | CVE-2019-9118 was published May 14, 2022

Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
Critical | Unreviewed | CVE-2018-19601 was published May 14, 2022

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to...
Critical | Unreviewed | CVE-2017-18362 was published May 14, 2022

zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For...
Critical | Unreviewed | CVE-2018-17412 was published May 14, 2022

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka...
Critical | Unreviewed | CVE-2016-7568 was published May 14, 2022

GIG Technology NV JumpScale Portal 7 version before commit...
Critical | Unreviewed | CVE-2018-1000666 was published May 14, 2022

apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has...
Critical | Unreviewed | CVE-2018-18450 was published May 14, 2022

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService...
Critical | Unreviewed | CVE-2019-8982 was published May 14, 2022

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file...
Critical | Unreviewed | CVE-2019-7684 was published May 14, 2022

In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0,...
Critical | Unreviewed | CVE-2018-9583 was published May 14, 2022

An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10...
Critical | Unreviewed | CVE-2018-4124 was published May 14, 2022

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all...
Critical | Unreviewed | CVE-2022-38381 was published Nov 2, 2022

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
Critical | Unreviewed | CVE-2019-7747 was published May 14, 2022

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is...
Critical | Unreviewed | CVE-2017-7103 was published May 14, 2022

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory...
Critical | Unreviewed | CVE-2018-5337 was published May 14, 2022

FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow...
Critical | Unreviewed | CVE-2017-7865 was published May 14, 2022

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing...
Critical | Unreviewed | CVE-2018-5341 was published May 14, 2022

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is...
Critical | Unreviewed | CVE-2017-7108 was published May 14, 2022

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i,...
Critical | Unreviewed | CVE-2018-20770 was published May 14, 2022

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5...
Critical | Unreviewed | CVE-2018-8734 was published May 14, 2022

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i,...
Critical | Unreviewed | CVE-2018-20771 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.