GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
30,740 advisories
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1...
Critical | Unreviewed | CVE-2018-17411 was published May 14, 2022

user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows...
Critical | Unreviewed | CVE-2018-20569 was published May 14, 2022

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m...
Critical | Unreviewed | CVE-2018-20572 was published May 14, 2022

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0
Critical | Unreviewed | CVE-2018-15362 was published May 14, 2022

Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via...
Critical | Unreviewed | CVE-2018-18963 was published May 14, 2022

OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier...
Critical | Unreviewed | CVE-2019-1000023 was published May 14, 2022

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An...
Critical | Unreviewed | CVE-2018-1000625 was published May 14, 2022

phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/nat/item-add-submit.php that...
Critical | Unreviewed | CVE-2018-1000869 was published May 14, 2022

MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability...
Critical | Unreviewed | CVE-2018-1000821 was published May 14, 2022

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a...
Critical | Unreviewed | CVE-2012-6710 was published May 14, 2022

In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a...
Critical | Unreviewed | CVE-2018-9355 was published May 14, 2022

K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response...
Critical | Unreviewed | CVE-2018-1000831 was published May 14, 2022

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory...
Critical | Unreviewed | CVE-2019-7234 was published May 14, 2022

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2018-19861 was published May 14, 2022

SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier...
Critical | Unreviewed | CVE-2018-13045 was published May 14, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)...
Critical | Unreviewed | CVE-2022-40747 was published Nov 4, 2022

runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in...
Critical | Unreviewed | CVE-2018-1000834 was published May 14, 2022

Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP,...
Critical | Unreviewed | CVE-2013-7465 was published May 14, 2022

HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in ...
Critical | Unreviewed | CVE-2018-1000871 was published May 14, 2022

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation...
Critical | Unreviewed | CVE-2018-1000881 was published May 14, 2022

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
Critical | Unreviewed | CVE-2019-6805 was published May 14, 2022

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite...
Critical | Unreviewed | CVE-2017-15402 was published May 14, 2022

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as...
Critical | Unreviewed | CVE-2018-18925 was published May 14, 2022

Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE)...
Critical | Unreviewed | CVE-2018-15805 was published May 14, 2022

MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.
Critical | Unreviewed | CVE-2018-0645 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.