GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,750
Erlang: 35
GitHub Actions: 29
Go: 2,323
Maven: 5,000+
npm: 3,956
NuGet: 712
pip: 3,739
Pub: 12
RubyGems: 921
Rust: 973
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
2,531 advisories
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2...
High · Unreviewed · CVE-2024-53303 was published Apr 16, 2025

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in...
High · Unreviewed · CVE-2022-45942 was published Dec 20, 2022

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron...
High · Unreviewed · CVE-2024-50960 was published Apr 15, 2025

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting...
High · Unreviewed · CVE-2022-22756 was published Dec 22, 2022

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with...
High · Unreviewed · CVE-2022-3033 was published Dec 22, 2022

A file with a long filename could have had its filename truncated to remove the valid extension,...
High · Unreviewed · CVE-2022-46874 was published Dec 22, 2022

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability...
High · Unreviewed · CVE-2025-29281 was published Apr 15, 2025

Dragonfly Code Injection vulnerability
High · CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017

TYPO3 powermail extension has unrestricted file upload vulnerability
High · CVE-2014-3947 was published for in2code/powermail (Composer) May 17, 2022

TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
High · CVE-2014-3942 was published for typo3/cms (Composer) May 14, 2022

TYPO3 vulnerable to remote authenticated arbitrary code execution
High · CVE-2013-4321 was published for typo3/cms (Composer) May 17, 2022

Pimcore Vulnerable to PHP Object Injection Attacks
High · CVE-2014-2921 was published for pimcore/pimcore (Composer) May 17, 2022

Through a malicious URL that contained a quote character it was possible to inject HTML code in...
High · Unreviewed · CVE-2016-7966 was published May 17, 2022

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field...
High · Unreviewed · CVE-2016-9949 was published May 17, 2022

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x...
High · Unreviewed · CVE-2016-5424 was published May 14, 2022

The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0...
High · Unreviewed · CVE-2016-5149 was published May 14, 2022

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0...
High · Unreviewed · CVE-2015-5693 was published May 17, 2022

Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via...
High · Unreviewed · CVE-2015-0935 was published May 17, 2022

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote...
High · Unreviewed · CVE-2015-3446 was published May 17, 2022

radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows...
High · Unreviewed · CVE-2015-1497 was published May 17, 2022

The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary...
High · Unreviewed · CVE-2015-1311 was published May 14, 2022

The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote...
High · Unreviewed · CVE-2014-0603 was published May 17, 2022

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote...
High · Unreviewed · CVE-2014-8485 was published May 17, 2022

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4...
High · Unreviewed · CVE-2014-9521 was published May 13, 2022

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM...
High · Unreviewed · CVE-2014-8877 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.