Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

99 advisories

Loading
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a... High Unreviewed
CVE-2019-9829 was published May 13, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29845 was published May 12, 2022
ruby193 uses an insecure LD_LIBRARY_PATH setting. Low Unreviewed
CVE-2013-1945 was published May 5, 2022
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2)... High Unreviewed
CVE-2004-0285 was published Apr 29, 2022
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and ... High Unreviewed
CVE-2004-0030 was published Apr 29, 2022
An attacker with the ability to modify a user program may change user program code on some... Critical Unreviewed
CVE-2022-1161 was published Apr 12, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25485 was published Mar 16, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25486 was published Mar 16, 2022
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to... High Unreviewed
CVE-2022-24232 was published Feb 25, 2022
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... High Unreviewed
CVE-2021-41841 was published Feb 10, 2022
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,... Moderate Unreviewed
CVE-2021-29113 was published Dec 8, 2021
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42133 was published Dec 8, 2021
Embedded malware in ua-parser-js High
GHSA-pjwm-rvh2-c87w was published for ua-parser-js (npm) Oct 22, 2021
xtqqczze
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 Moderate
CVE-2021-26272 was published for ckeditor4 (npm) Oct 13, 2021
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
Command Injection in @theia/messages Moderate
CVE-2021-28162 was published for @theia/messages (npm) May 10, 2021
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport High
CVE-2020-8128 was published for jsreport (npm) Apr 13, 2021
Local File read vulnerability in OctoberCMS Moderate
CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020
staz0t
High severity vulnerability that affects generator-jhipster High
GHSA-mc84-xr9p-938r was published for generator-jhipster (npm) Sep 23, 2019
Unintended Require in larvitbase-api High
CVE-2019-5479 was published for larvitbase-api (npm) Sep 11, 2019
paranoid2 gem Code backdoor Critical
CVE-2019-13589 was published for paranoid2 (RubyGems) Jul 16, 2019
Insecure Default Configuration in tesseract.js Moderate
GHSA-83rx-c8cr-6j8q was published for tesseract.js (npm) Jun 5, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit High
CVE-2019-10240 was published for org.eclipse.hawkbit:hawkbit-autoconfigure (Maven) Apr 15, 2019
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
ProTip! Advisories are also available from the GraphQL API