Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

45 advisories

Loading
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42133 was published Dec 8, 2021
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... High Unreviewed
CVE-2021-41841 was published Feb 10, 2022
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to... High Unreviewed
CVE-2022-24232 was published Feb 25, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25486 was published Mar 16, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25485 was published Mar 16, 2022
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and ... High Unreviewed
CVE-2004-0030 was published Apr 29, 2022
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2)... High Unreviewed
CVE-2004-0285 was published Apr 29, 2022
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a... High Unreviewed
CVE-2019-9829 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by... High Unreviewed
CVE-2018-12120 was published May 13, 2022
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... High Unreviewed
CVE-2017-14095 was published May 13, 2022
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance ->... High Unreviewed
CVE-2018-1000502 was published May 13, 2022
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. High Unreviewed
CVE-2018-18387 was published May 13, 2022
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library)... High Unreviewed
CVE-2021-20443 was published May 24, 2022
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212... High Unreviewed
CVE-2021-30507 was published May 24, 2022
Local file inclusion exists in Kaseya VSA before 9.5.6. High Unreviewed
CVE-2021-30121 was published May 24, 2022
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged... High Unreviewed
CVE-2021-34692 was published May 24, 2022
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared... High Unreviewed
CVE-2021-34398 was published May 24, 2022
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the... High Unreviewed
CVE-2021-38360 was published May 24, 2022
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the... High Unreviewed
CVE-2021-33626 was published May 24, 2022
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included... High Unreviewed
CVE-2021-41569 was published May 24, 2022
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This... High Unreviewed
CVE-2021-4229 was published May 25, 2022
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the... High Unreviewed
CVE-2021-41037 was published Jul 9, 2022
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from... High Unreviewed
CVE-2022-30243 was published Jul 16, 2022
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated... High Unreviewed
CVE-2022-30244 was published Jul 16, 2022
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64... High Unreviewed
CVE-2022-33317 was published Jul 21, 2022
ProTip! Advisories are also available from the GraphQL API