GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+

26,859 advisories

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an...
Critical | Unreviewed | CVE-2019-11168 was published May 24, 2022

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote...
Critical | Unreviewed | CVE-2019-18839 was published May 24, 2022

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can...
Critical | Unreviewed | CVE-2019-16948 was published May 24, 2022

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and...
Critical | Unreviewed | CVE-2019-5644 was published May 24, 2022

SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
Critical | Unreviewed | CVE-2019-18784 was published May 24, 2022

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote...
Critical | Unreviewed | CVE-2015-8980 was published May 24, 2022

A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows...
Critical | Unreviewed | CVE-2019-18663 was published May 24, 2022

An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code...
Critical | Unreviewed | CVE-2019-18662 was published May 24, 2022

European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate...
Critical | Unreviewed | CVE-2019-18633 was published May 24, 2022

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because...
Critical | Unreviewed | CVE-2019-18632 was published May 24, 2022

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow...
Critical | Unreviewed | CVE-2019-18465 was published May 24, 2022

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1...
Critical | Unreviewed | CVE-2019-18464 was published May 24, 2022

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow...
Critical | Unreviewed | CVE-2019-18364 was published May 24, 2022

TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function,...
Critical | Unreviewed | CVE-2019-8287 was published May 24, 2022

TurboVNC server code contains stack buffer overflow vulnerability in commit prior to...
Critical | Unreviewed | CVE-2019-15683 was published May 24, 2022

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free...
Critical | Unreviewed | CVE-2019-18189 was published May 24, 2022

A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may...
Critical | Unreviewed | CVE-2019-17181 was published May 24, 2022

In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120;...
Critical | Unreviewed | CVE-2019-16897 was published May 24, 2022

A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8...
Critical | Unreviewed | CVE-2019-14450 was published May 24, 2022

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via...
Critical | Unreviewed | CVE-2015-2320 was published May 24, 2022

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote...
Critical | Unreviewed | CVE-2015-3249 was published May 24, 2022

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical | Unreviewed | CVE-2019-14929 was published May 24, 2022

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by...
Critical | Unreviewed | CVE-2019-16662 was published May 24, 2022

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical | Unreviewed | CVE-2019-14926 was published May 24, 2022

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical | Unreviewed | CVE-2019-14931 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.