GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
915 advisories
A remote code execution vulnerability is present in network-listening components in some versions...
Critical | Unreviewed | CVE-2018-7081 was published May 24, 2022

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field...
Critical | Unreviewed | CVE-2019-10074 was published May 24, 2022

The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the...
Critical | Unreviewed | CVE-2015-9351 was published May 24, 2022

The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate...
Critical | Unreviewed | CVE-2018-20985 was published May 24, 2022

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission...
Critical | Unreviewed | CVE-2018-20981 was published May 24, 2022

The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter...
Critical | Unreviewed | CVE-2017-18580 was published May 24, 2022

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure...
Critical | Unreviewed | CVE-2016-10930 was published May 24, 2022

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script,...
Critical | Unreviewed | CVE-2019-9850 was published May 24, 2022

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script,...
Critical | Unreviewed | CVE-2019-9851 was published May 24, 2022

Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known...
Critical | Unreviewed | CVE-2019-7959 was published May 24, 2022

The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
Critical | Unreviewed | CVE-2018-20973 was published May 24, 2022

In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file...
Critical | Unreviewed | CVE-2018-14671 was published May 24, 2022

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could...
Critical | Unreviewed | CVE-2019-1971 was published May 24, 2022

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site...
Critical | Unreviewed | CVE-2019-14771 was published May 24, 2022

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint...
Critical | Unreviewed | CVE-2019-13143 was published May 24, 2022

cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry...
Critical | Unreviewed | CVE-2016-10824 was published May 24, 2022

cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry...
Critical | Unreviewed | CVE-2016-10858 was published May 24, 2022

cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
Critical | Unreviewed | CVE-2016-10855 was published May 24, 2022

cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list...
Critical | Unreviewed | CVE-2018-20863 was published May 24, 2022

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a...
Critical | Unreviewed | CVE-2018-11773 was published May 24, 2022

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch...
Critical | Unreviewed | CVE-2019-9819 was published May 24, 2022

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and...
Critical | Unreviewed | CVE-2019-11708 was published May 24, 2022

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially...
Critical | Unreviewed | CVE-2019-11714 was published May 24, 2022

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The...
Critical | Unreviewed | CVE-2019-1010150 was published May 24, 2022

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms...
Critical | Unreviewed | CVE-2019-1010149 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.