GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,531 advisories
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to...
Severity: High. Unreviewed. CVE-2014-8669 was published May 17, 2022.
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via...
Severity: High. Unreviewed. CVE-2014-8661 was published May 17, 2022.
SAP Document Management Services allows local users to execute arbitrary commands via unspecified...
Severity: High. Unreviewed. CVE-2014-8660 was published May 14, 2022.
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2...
Severity: High. Unreviewed. CVE-2014-6321 was published May 13, 2022.
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8...
Severity: High. Unreviewed. CVE-2014-5297 was published May 14, 2022.
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote...
Severity: High. Unreviewed. CVE-2014-7226 was published May 17, 2022.
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in...
Severity: High. Unreviewed. CVE-2014-7235 was published May 13, 2022.
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2...
Severity: High. Unreviewed. CVE-2014-6433 was published May 17, 2022.
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path...
Severity: High. Unreviewed. CVE-2014-4043 was published May 14, 2022.
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows...
Severity: High. Unreviewed. CVE-2014-6298 was published May 17, 2022.
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly...
Severity: High. Unreviewed. CVE-2014-6446 was published May 17, 2022.
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute...
Severity: High. Unreviewed. CVE-2014-5210 was published May 17, 2022.
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to...
Severity: High. Unreviewed. CVE-2013-7394 was published May 17, 2022.
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows...
Severity: High. Unreviewed. CVE-2014-3560 was published May 14, 2022.
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in...
Severity: High. Unreviewed. CVE-2014-5158 was published May 17, 2022.
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute...
Severity: High. Unreviewed. CVE-2014-4152 was published May 17, 2022.
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create...
Severity: High. Unreviewed. CVE-2014-4151 was published May 17, 2022.
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute...
Severity: High. Unreviewed. CVE-2014-3805 was published May 17, 2022.
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute...
Severity: High. Unreviewed. CVE-2014-3804 was published May 17, 2022.
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1...
Severity: High. Unreviewed. CVE-2013-5036 was published May 17, 2022.
PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop...
Severity: High. Unreviewed. CVE-2013-0724 was published May 17, 2022.
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote...
Severity: High. Unreviewed. CVE-2014-3789 was published May 17, 2022.
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized...
Severity: High. Unreviewed. CVE-2014-1613 was published May 17, 2022.
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph...
Severity: High. Unreviewed. CVE-2014-3915 was published May 17, 2022.
Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via...
Severity: High. Unreviewed. CVE-2014-3911 was published May 17, 2022.
ProTip! Advisories are also available from the GraphQL API.