GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,531 advisories
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This...
High | Unreviewed | CVE-2017-20086 was published Jun 24, 2022

phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters,...
High | Unreviewed | CVE-2015-3640 was published May 17, 2022

Code injection in Elefant CMS
High | CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022

** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary...
High | Unreviewed | CVE-2017-9442 was published May 17, 2022

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated...
High | Unreviewed | CVE-2015-3638 was published May 17, 2022

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and...
High | Unreviewed | CVE-2022-2268 was published Jul 5, 2022

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers...
High | Unreviewed | CVE-2015-2252 was published May 17, 2022

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject...
High | Unreviewed | CVE-2016-9862 was published May 17, 2022

SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks...
High | Unreviewed | CVE-2016-4895 was published May 17, 2022

custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary...
High | Unreviewed | CVE-2015-3173 was published Jul 7, 2022

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to...
High | Unreviewed | CVE-2015-6531 was published May 17, 2022

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST...
High | Unreviewed | CVE-2016-5072 was published May 17, 2022

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be...
High | Unreviewed | CVE-2016-8354 was published May 17, 2022

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by...
High | Unreviewed | CVE-2017-7570 was published May 17, 2022

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and...
High | Unreviewed | CVE-2014-0558 was published May 17, 2022

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the...
High | Unreviewed | CVE-2016-7967 was published May 17, 2022

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object...
High | Unreviewed | CVE-2016-5727 was published May 17, 2022

The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue...
High | Unreviewed | CVE-2013-4495 was published May 17, 2022

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3...
High | Unreviewed | CVE-2013-4557 was published May 17, 2022

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24...
High | Unreviewed | CVE-2014-1557 was published May 17, 2022

Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which...
High | Unreviewed | CVE-2022-34625 was published Aug 3, 2022

In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
High | Unreviewed | CVE-2022-37009 was published Jul 29, 2022

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code...
High | Unreviewed | CVE-2015-7905 was published May 17, 2022

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow...
High | Unreviewed | CVE-2014-1556 was published May 17, 2022