Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,056
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

917 advisories

Loading
Remote code execution in PATCH requests in Spring Data REST Critical
CVE-2017-8046 was published for org.springframework.data:spring-data-rest-core (Maven) May 13, 2022
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute... Critical Unreviewed
CVE-2022-29897 was published May 12, 2022
Tenant and Verifier might not use the same registrar data Critical
CVE-2022-1053 was published for keylime (pip) May 5, 2022
THS-on
Credited to THS-on
PDFKit Improper Input Validation vulnerability Critical
CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable... Critical Unreviewed
CVE-2013-7171 was published May 5, 2022
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php... Critical Unreviewed
CVE-2013-2093 was published May 5, 2022
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview Critical Unreviewed
CVE-2013-2259 was published May 5, 2022
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service... Critical Unreviewed
CVE-2013-1910 was published May 5, 2022
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. Critical Unreviewed
CVE-2013-7483 was published May 5, 2022
Apache Struts Remote Java Code Execution Critical
CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ
Credited to sunSUNQ
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2... Critical Unreviewed
CVE-2022-28054 was published May 3, 2022
Improper Input Validation in httpx Critical
CVE-2021-41945 was published for httpx (pip) Apr 29, 2022
lebr0nli Bibo-Joshi
AngellusMortis marcoaaguiar br3ndonland
Credited to lebr0nli, Bibo-Joshi, AngellusMortis, marcoaaguiar, and br3ndonland
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code... Critical Unreviewed
CVE-2022-29499 was published Apr 27, 2022
opendnssec misuses libcurl API Critical Unreviewed
CVE-2012-5582 was published Apr 23, 2022
cumin: At installation postgresql database user created without password Critical Unreviewed
CVE-2012-3460 was published Apr 23, 2022
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table... Critical Unreviewed
CVE-2012-6125 was published Apr 23, 2022
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which... Critical Unreviewed
CVE-2012-0694 was published Apr 23, 2022
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables... Critical Unreviewed
CVE-2011-2897 was published Apr 23, 2022
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to... Critical Unreviewed
CVE-2011-4124 was published Apr 22, 2022
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM... Critical Unreviewed
CVE-2011-4120 was published Apr 22, 2022
Smarty3 Arbitrary PHP Code Execution Critical
CVE-2011-1028 was published for smarty/smarty (Composer) Apr 22, 2022
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may... Critical Unreviewed
CVE-2011-0703 was published Apr 22, 2022
Rbot Reaction plugin allows command execution Critical Unreviewed
CVE-2010-2446 was published Apr 21, 2022
qtparted has insecure library loading which may allow arbitrary code execution Critical Unreviewed
CVE-2010-3375 was published Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database