GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26,868 advisories
Anviz access control devices allow unverified password change which allows remote attackers to...
Critical, Unreviewed. CVE-2019-12394 was published May 24, 2022

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by...
Critical, Unreviewed. CVE-2019-19330 was published May 24, 2022

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of...
Critical, Unreviewed. CVE-2019-18580 was published May 24, 2022

Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.
Critical, Unreviewed. CVE-2019-19249 was published May 24, 2022

OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server...
Critical, Unreviewed. CVE-2019-19250 was published May 24, 2022

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant...
Critical, Unreviewed. CVE-2019-18933 was published May 24, 2022

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic...
Critical, Unreviewed. CVE-2019-13566 was published May 24, 2022

CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a...
Critical, Unreviewed. CVE-2019-18858 was published May 24, 2022

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23...
Critical, Unreviewed. CVE-2019-19113 was published May 24, 2022

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan...
Critical, Unreviewed. CVE-2018-20687 was published May 24, 2022

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by...
Critical, Unreviewed. CVE-2019-14678 was published May 24, 2022

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an...
Critical, Unreviewed. CVE-2019-11168 was published May 24, 2022

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote...
Critical, Unreviewed. CVE-2019-18839 was published May 24, 2022

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can...
Critical, Unreviewed. CVE-2019-16948 was published May 24, 2022

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and...
Critical, Unreviewed. CVE-2019-5644 was published May 24, 2022

SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
Critical, Unreviewed. CVE-2019-18784 was published May 24, 2022

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote...
Critical, Unreviewed. CVE-2015-8980 was published May 24, 2022

A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows...
Critical, Unreviewed. CVE-2019-18663 was published May 24, 2022

An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code...
Critical, Unreviewed. CVE-2019-18662 was published May 24, 2022

European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate...
Critical, Unreviewed. CVE-2019-18633 was published May 24, 2022

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because...
Critical, Unreviewed. CVE-2019-18632 was published May 24, 2022

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow...
Critical, Unreviewed. CVE-2019-18465 was published May 24, 2022

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1...
Critical, Unreviewed. CVE-2019-18464 was published May 24, 2022

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow...
Critical, Unreviewed. CVE-2019-18364 was published May 24, 2022

TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function,...
Critical, Unreviewed. CVE-2019-8287 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API