GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
884 advisories
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0....
Critical, Unreviewed: CVE-2017-7280 was published May 17, 2022
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost...
Critical, Unreviewed: CVE-2016-10243 was published May 17, 2022
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers...
Critical, Unreviewed: CVE-2016-5178 was published May 14, 2022
libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue...
Critical, Unreviewed: CVE-2017-9188 was published May 17, 2022
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and...
Critical, Unreviewed: CVE-2016-8218 was published May 17, 2022
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute...
Critical, Unreviewed: CVE-2017-11346 was published May 17, 2022
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-...
Critical, Unreviewed: CVE-2017-9788 was published May 13, 2022
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux...
Critical, Unreviewed: CVE-2017-9811 was published May 17, 2022
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote...
Critical, Unreviewed: CVE-2017-11394 was published May 17, 2022
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote...
Critical, Unreviewed: CVE-2015-7705 was published May 13, 2022
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x...
Critical, Unreviewed: CVE-2017-9800 was published May 13, 2022
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a...
Critical, Unreviewed: CVE-2017-6315 was published May 17, 2022
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx...
Critical, Unreviewed: CVE-2017-12367 was published May 13, 2022
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration,...
Critical, Unreviewed: CVE-2017-16845 was published May 13, 2022
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to...
Critical, Unreviewed: CVE-2017-3191 was published May 13, 2022
An issue existed in the parsing of URLs. This issue was addressed with improved input validation....
Critical, Unreviewed: CVE-2022-42837 was published Dec 15, 2022
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote...
Critical, Unreviewed: CVE-2024-0864 was published Feb 29, 2024
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform...
Critical, Unreviewed: CVE-2022-36784 was published Jul 6, 2023
iTerm2 before 3.4.18 mishandles a DECRQSS response.
Critical, Unreviewed: CVE-2022-45872 was published Nov 24, 2022
In wlan service, there is a possible out of bounds write due to improper input validation. This...
Critical, Unreviewed: CVE-2024-20017 was published Mar 4, 2024
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on...
Critical, Unreviewed: CVE-2018-9866 was published May 13, 2022
Nuclide Improper Input Validation
Critical: CVE-2018-6333 was published for nuclide (npm) May 13, 2022
Multipart-file uploads call variables to be improperly registered in the global scope. In cases...
Critical, Unreviewed: CVE-2018-6334 was published May 13, 2022
Remote code injection in Log4j
Critical: CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that...
Critical, Unreviewed: CVE-2025-1087 was published May 9, 2025