Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,057
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
A vulnerability has been found in Activity Log Plugin and classified as critical. This... Critical Unreviewed
CVE-2022-3941 was published Nov 11, 2022
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized... Critical Unreviewed
CVE-2024-0552 was published Jan 15, 2024
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed
CVE-2023-22527 was published Jan 16, 2024
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an... Critical Unreviewed
CVE-2021-3169 was published May 24, 2022
Remote code execution via vulnerable Symphony dependecy injection Critical
CVE-2019-8135 was published for magento/community-edition (Composer) Nov 12, 2019
Expression injection in AviatorScript Critical
CVE-2021-41862 was published for com.googlecode.aviator:aviator (Maven) Oct 4, 2021
joelteo-poloniex
TWiki allows arbitrary shell command execution via the Include function Critical Unreviewed
CVE-2005-3056 was published Apr 21, 2022
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable,... Critical Unreviewed
CVE-2023-29827 was published May 4, 2023
** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via... Critical Unreviewed
CVE-2015-5377 was published May 14, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SIP implementation... Critical Unreviewed
CVE-2017-9861 was published May 17, 2022
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP... Critical Unreviewed
CVE-2011-2717 was published Apr 22, 2022
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote... Critical Unreviewed
CVE-2013-7070 was published May 5, 2022
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data Critical Unreviewed
CVE-2014-3700 was published May 17, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules... Critical Unreviewed
CVE-2016-8899 was published May 24, 2022
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. Critical Unreviewed
CVE-2016-8901 was published May 24, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules... Critical Unreviewed
CVE-2016-8900 was published May 24, 2022
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as... Critical Unreviewed
CVE-2019-12966 was published May 24, 2022
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. Critical Unreviewed
CVE-2017-18583 was published May 24, 2022
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may... Critical Unreviewed
CVE-2019-9535 was published May 24, 2022
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by... Critical Unreviewed
CVE-2019-19330 was published May 24, 2022
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64... Critical Unreviewed
CVE-2020-5505 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database