GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,859 advisories
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker...
Critical | Unreviewed | CVE-2019-18316 was published May 24, 2022

Intesync Solismed 3.3sp allows Insecure File Upload.
Critical | Unreviewed | CVE-2019-15936 was published May 24, 2022

Intesync Solismed 3.3sp has SQL Injection.
Critical | Unreviewed | CVE-2019-15933 was published May 24, 2022

Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.
Critical | Unreviewed | CVE-2019-15931 was published May 24, 2022

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way...
Critical | Unreviewed | CVE-2019-19334 was published May 24, 2022

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way...
Critical | Unreviewed | CVE-2019-19333 was published May 24, 2022

The username parameter of the TITool PrintMonitor solution during the login request is vulnerable...
Critical | Unreviewed | CVE-2018-7282 was published May 24, 2022

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by...
Critical | Unreviewed | CVE-2019-19521 was published May 24, 2022

beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with...
Critical | Unreviewed | CVE-2019-15897 was published May 24, 2022

This command injection vulnerability in Music Station allows attackers to execute commands on the...
Critical | Unreviewed | CVE-2018-0729 was published May 24, 2022

An exploitable code execution vulnerability exists in the processing of multi-part/form-data...
Critical | Unreviewed | CVE-2019-5096 was published May 24, 2022

In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by...
Critical | Unreviewed | CVE-2019-16885 was published May 24, 2022

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
Critical | Unreviewed | CVE-2019-19492 was published May 24, 2022

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically...
Critical | Unreviewed | CVE-2019-19015 was published May 24, 2022

Anviz access control devices allow unverified password change which allows remote attackers to...
Critical | Unreviewed | CVE-2019-12394 was published May 24, 2022

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by...
Critical | Unreviewed | CVE-2019-19330 was published May 24, 2022

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of...
Critical | Unreviewed | CVE-2019-18580 was published May 24, 2022

Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.
Critical | Unreviewed | CVE-2019-19249 was published May 24, 2022

OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server...
Critical | Unreviewed | CVE-2019-19250 was published May 24, 2022

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant...
Critical | Unreviewed | CVE-2019-18933 was published May 24, 2022

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic...
Critical | Unreviewed | CVE-2019-13566 was published May 24, 2022

CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a...
Critical | Unreviewed | CVE-2019-18858 was published May 24, 2022

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23...
Critical | Unreviewed | CVE-2019-19113 was published May 24, 2022

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan...
Critical | Unreviewed | CVE-2018-20687 was published May 24, 2022

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by...
Critical | Unreviewed | CVE-2019-14678 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API