GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
301,427 advisories
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other...
High | Unreviewed | CVE-2010-2004 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and...
Low | Unreviewed | CVE-2010-1984 was published May 17, 2022

SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote...
High | Unreviewed | CVE-2010-2124 was published May 17, 2022

Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers...
High | Unreviewed | CVE-2010-2126 was published May 17, 2022

Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to...
High | Unreviewed | CVE-2010-2028 was published May 17, 2022

Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service ("runtime...
Moderate | Unreviewed | CVE-2008-6672 was published May 17, 2022

SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute...
High | Unreviewed | CVE-2008-6753 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote...
Moderate | Unreviewed | CVE-2008-6764 was published May 17, 2022

Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows...
Moderate | Unreviewed | CVE-2010-2029 was published May 17, 2022

Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote...
Moderate | Unreviewed | CVE-2008-6631 was published May 17, 2022

Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers...
Moderate | Unreviewed | CVE-2008-6675 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3...
Moderate | Unreviewed | CVE-2008-6746 was published May 17, 2022

DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2)...
Moderate | Unreviewed | CVE-2010-2078 was published May 17, 2022

Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote...
Moderate | Unreviewed | CVE-2010-2018 was published May 17, 2022

SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to...
High | Unreviewed | CVE-2010-2047 was published May 17, 2022

Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address...
Moderate | Unreviewed | CVE-2008-6601 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote...
Moderate | Unreviewed | CVE-2008-6609 was published May 17, 2022

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
High | Unreviewed | CVE-2022-31782 was published Jun 3, 2022

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions,...
Moderate | Unreviewed | CVE-2022-1424 was published Jun 9, 2022

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does...
Moderate | Unreviewed | CVE-2022-1597 was published Jun 9, 2022

LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
Moderate | Unreviewed | CVE-2022-31497 was published Jun 9, 2022

A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this...
Critical | Unreviewed | CVE-2019-25065 was published Jun 10, 2022

A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this...
Moderate | Unreviewed | CVE-2017-20027 was published Jun 10, 2022

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk...
Moderate | Unreviewed | CVE-2022-1690 was published Jun 9, 2022

The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its...
Moderate | Unreviewed | CVE-2022-1712 was published Jun 9, 2022
ProTip! Advisories are also available from the GraphQL API.