GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
26,859 advisories
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
Critical | Unreviewed | CVE-2019-5748 was published May 14, 2022

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could...
Critical | Unreviewed | CVE-2018-6329 was published May 14, 2022

BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit...
Critical | Unreviewed | CVE-2019-9594 was published May 14, 2022

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote...
Critical | Unreviewed | CVE-2018-6127 was published May 14, 2022

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows...
Critical | Unreviewed | CVE-2018-6012 was published May 14, 2022

An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A...
Critical | Unreviewed | CVE-2018-19036 was published May 14, 2022

GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
Critical | Unreviewed | CVE-2019-9047 was published May 14, 2022

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices...
Critical | Unreviewed | CVE-2018-12668 was published May 14, 2022

The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet...
Critical | Unreviewed | CVE-2018-15497 was published May 14, 2022

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any...
Critical | Unreviewed | CVE-2019-0259 was published May 14, 2022

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login...
Critical | Unreviewed | CVE-2019-8393 was published May 14, 2022

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication...
Critical | Unreviewed | CVE-2016-0916 was published May 14, 2022

Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04...
Critical | Unreviewed | CVE-2018-20568 was published May 14, 2022

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend...
Critical | Unreviewed | CVE-2018-18888 was published May 14, 2022

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query]...
Critical | Unreviewed | CVE-2019-8423 was published May 14, 2022

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only...
Critical | Unreviewed | CVE-2018-12666 was published May 14, 2022

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data,...
Critical | Unreviewed | CVE-2018-18753 was published May 14, 2022

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin...
Critical | Unreviewed | CVE-2018-20577 was published May 14, 2022

@keystone-6/core's NODE_ENV defaults to development with esbuild
Critical | CVE-2022-39382 was published for @keystone-6/core (npm) Nov 3, 2022

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena...
Critical | Unreviewed | CVE-2018-19645 was published May 14, 2022

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a...
Critical | Unreviewed | CVE-2019-9028 was published May 14, 2022

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd...
Critical | Unreviewed | CVE-2018-6908 was published May 14, 2022

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user...
Critical | Unreviewed | CVE-2019-8948 was published May 14, 2022

Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
Critical | Unreviewed | CVE-2019-6295 was published May 14, 2022

A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion...
Critical | Unreviewed | CVE-2019-9015 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.