GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
915 advisories
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk...
Critical | Unreviewed | CVE-2020-12274 was published May 24, 2022

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This...
Critical | Unreviewed | CVE-2020-12079 was published May 24, 2022

papercrop does not properly handle crop input
Critical | CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon...
Critical | Unreviewed | CVE-2019-20041 was published May 24, 2022

M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability....
Critical | Unreviewed | CVE-2019-19398 was published May 24, 2022

processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2...
Critical | Unreviewed | CVE-2019-16730 was published May 24, 2022

Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.
Critical | Unreviewed | CVE-2019-19249 was published May 24, 2022

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote...
Critical | Unreviewed | CVE-2015-8980 was published May 24, 2022

In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other...
Critical | Unreviewed | CVE-2019-18604 was published May 24, 2022

Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download...
Critical | Unreviewed | CVE-2019-18624 was published May 24, 2022

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is...
Critical | Unreviewed | CVE-2019-18370 was published May 24, 2022

sr_freecap for Typo3 RCE Vulnerability
Critical | CVE-2019-16699 was published for sjbr/sr-freecap (Composer) May 24, 2022

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could...
Critical | Unreviewed | CVE-2019-15019 was published May 24, 2022

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication...
Critical | Unreviewed | CVE-2019-3980 was published May 24, 2022

** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7...
Critical | Unreviewed | CVE-2019-17192 was published May 24, 2022

vBulletin through 5.5.4 mishandles custom avatars.
Critical | Unreviewed | CVE-2019-17132 was published May 24, 2022

tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
Critical | Unreviewed | CVE-2018-10105 was published May 24, 2022

tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
Critical | Unreviewed | CVE-2018-10103 was published May 24, 2022

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow...
Critical | Unreviewed | CVE-2019-12630 was published May 24, 2022

Lack of check of address range received from firmware response allows modem to respond arbitrary...
Critical | Unreviewed | CVE-2019-10538 was published May 24, 2022

An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the...
Critical | Unreviewed | CVE-2019-16915 was published May 24, 2022

ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound...
Critical | Unreviewed | CVE-2019-5504 was published May 24, 2022

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing...
Critical | Unreviewed | CVE-2019-16656 was published May 24, 2022

Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via ...
Critical | Unreviewed | CVE-2019-16314 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API