GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
915 advisories
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms...
Critical, Unreviewed. CVE-2019-1010149 was published May 24, 2022
The Linux Foundation ONOS 1.15.0 and earlier is affected by: Improper Input Validation. The impact...
Critical, Unreviewed. CVE-2019-1010234 was published May 24, 2022
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input...
Critical, Unreviewed. CVE-2019-1010245 was published May 24, 2022
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed...
Critical, Unreviewed. CVE-2019-9848 was published May 24, 2022
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of...
Critical, Unreviewed. CVE-2019-1109 was published May 24, 2022
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server ...
Critical, Unreviewed. CVE-2019-1072 was published May 24, 2022
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Critical, Unreviewed. CVE-2017-12652 was published May 24, 2022
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default...
Critical, Unreviewed. CVE-2019-9186 was published May 24, 2022
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via...
Critical, Unreviewed. CVE-2018-11686 was published May 24, 2022
An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect...
Critical, Unreviewed. CVE-2018-20813 was published May 24, 2022
glot-code-runner RCE
Critical. CVE-2018-15747 was published for github.com/prasmussen/glot-code-runner (Go) May 24, 2022
The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis...
Critical, Unreviewed. CVE-2018-13906 was published May 24, 2022
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4...
Critical, Unreviewed. CVE-2019-3723 was published May 24, 2022
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient...
Critical, Unreviewed. CVE-2019-10149 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and...
Critical, Unreviewed. CVE-2019-1821 was published May 24, 2022
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10,...
Critical, Unreviewed. CVE-2019-5597 was published May 24, 2022
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on...
Critical, Unreviewed. CVE-2018-4018 was published May 24, 2022
In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run...
Critical, Unreviewed. CVE-2019-11595 was published May 24, 2022
A vulnerability was discovered where specific command line arguments are not properly discarded...
Critical, Unreviewed. CVE-2019-9794 was published May 24, 2022
The type inference system allows the compilation of functions that can cause type confusions...
Critical, Unreviewed. CVE-2019-9791 was published May 24, 2022
The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F...
Critical, Unreviewed. CVE-2018-14991 was published May 24, 2022
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32...
Critical, Unreviewed. CVE-2019-11460 was published May 24, 2022
Improper input validation vulnerability in HANDY Groupware’s ActiveX module allows attackers to...
Critical, Unreviewed. CVE-2021-26630 was published May 20, 2022
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a...
Critical, Unreviewed. CVE-2014-4651 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API