GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
238 advisories
CodeIgniter arbitrary code execution | Critical | CVE-2016-10131 was published for bcit-ci/codeigniter (Composer) | May 17, 2022
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | Critical | Unreviewed | CVE-2014-3700 was published | May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability | Critical | CVE-2014-4172 was published for DotNetCasClient (Composer) | May 17, 2022
Ansible Arbitrary Code Execution | Critical | CVE-2014-4966 was published for ansible (pip) | May 17, 2022
Ansible Arbitrary Code Execution | Critical | CVE-2014-4967 was published for ansible (pip) | May 17, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... | Critical | Unreviewed | CVE-2019-2725 was published | May 24, 2022
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | Critical | Unreviewed | CVE-2016-8901 was published | May 24, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules... | Critical | Unreviewed | CVE-2016-8899 was published | May 24, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules... | Critical | Unreviewed | CVE-2016-8900 was published | May 24, 2022
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as... | Critical | Unreviewed | CVE-2019-12966 was published | May 24, 2022
There was a server-side template injection vulnerability in Jira Server and Data Center, in the... | Critical | Unreviewed | CVE-2019-11581 was published | May 24, 2022
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. | Critical | Unreviewed | CVE-2017-18583 was published | May 24, 2022
LibreNMS Information Disclosure | Critical | CVE-2019-10665 was published for librenms/librenms (Composer) | May 24, 2022
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may... | Critical | Unreviewed | CVE-2019-9535 was published | May 24, 2022
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by... | Critical | Unreviewed | CVE-2019-19330 was published | May 24, 2022
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64... | Critical | Unreviewed | CVE-2020-5505 was published | May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection | Critical | CVE-2020-9757 was published for nystudio107/craft-seomatic (Composer) | May 24, 2022
Fat-Free Framework arbitrary code execution | Critical | CVE-2020-5203 was published for bcosca/fatfree (Composer) | May 24, 2022
Node-Traceroute RCE Vulnerability | Critical | CVE-2018-21268 was published for traceroute (npm) | May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager... | Critical | Unreviewed | CVE-2020-15348 was published | May 24, 2022
A templateselect expression language injection remote code execution vulnerability was discovered... | Critical | Unreviewed | CVE-2020-7172 was published | May 24, 2022
A guidatadetail expression language injection remote code execution vulnerability was discovered... | Critical | Unreviewed | CVE-2020-7171 was published | May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader... | Critical | Unreviewed | CVE-2019-19872 was published | May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in... | Critical | Unreviewed | CVE-2019-19874 was published | May 24, 2022
IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote... | Critical | Unreviewed | CVE-2020-4627 was published | May 24, 2022
ProTip! Advisories are also available from the GraphQL API