GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
915 advisories
HTML tags received from the Pocket server will be processed without sanitization and any...
Critical | Unreviewed | CVE-2016-9901 was published May 14, 2022

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager...
Critical | Unreviewed | CVE-2018-11808 was published May 14, 2022

tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.
Critical | Unreviewed | CVE-2018-12688 was published May 14, 2022

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The...
Critical | Unreviewed | CVE-2018-12562 was published May 14, 2022

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and...
Critical | Unreviewed | CVE-2018-5488 was published May 14, 2022

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind...
Critical | Unreviewed | CVE-2018-11314 was published May 14, 2022

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS...
Critical | Unreviewed | CVE-2018-11316 was published May 14, 2022

The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor...
Critical | Unreviewed | CVE-2018-14071 was published May 14, 2022

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header...
Critical | Unreviewed | CVE-2018-14767 was published May 14, 2022

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5...
Critical | Unreviewed | CVE-2014-9757 was published May 14, 2022

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote...
Critical | Unreviewed | CVE-2015-8360 was published May 14, 2022

Shopware RCE Vulnerability
Critical | CVE-2016-3109 was published for shopware/shopware (Composer) May 14, 2022

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and...
Critical | Unreviewed | CVE-2016-6603 was published May 14, 2022

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote...
Critical | Unreviewed | CVE-2016-6496 was published May 14, 2022

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature...
Critical | Unreviewed | CVE-2016-0132 was published May 14, 2022

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1;...
Critical | Unreviewed | CVE-2016-7182 was published May 14, 2022

Elefant CMS Improper Input Validation
Critical | CVE-2018-15601 was published for elefant/cms (Composer) May 14, 2022

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x...
Critical | Unreviewed | CVE-2016-4538 was published May 14, 2022

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x...
Critical | Unreviewed | CVE-2016-4537 was published May 14, 2022

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4...
Critical | Unreviewed | CVE-2015-7545 was published May 14, 2022

Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command
Critical | CVE-2014-9462 was published for mercurial (pip) May 14, 2022

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers...
Critical | Unreviewed | CVE-2016-5178 was published May 14, 2022

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted...
Critical | Unreviewed | CVE-2018-8421 was published May 14, 2022

An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function...
Critical | Unreviewed | CVE-2018-15888 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.