GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,676
Erlang: 34
GitHub Actions: 26
Go: 2,263
Maven: 5,000+
npm: 3,915
NuGet: 705
pip: 3,686
Pub: 12
RubyGems: 916
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
611 advisories
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to...
Critical | Unreviewed | CVE-2018-17173 was published May 14, 2022
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web...
Critical | Unreviewed | CVE-2018-18258 was published May 14, 2022
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin...
Critical | Unreviewed | CVE-2018-11780 was published May 14, 2022
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe...
Critical | Unreviewed | CVE-2018-13043 was published May 14, 2022
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter...
Critical | Unreviewed | CVE-2018-1999019 was published May 13, 2022
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a...
Critical | Unreviewed | CVE-2011-2767 was published May 13, 2022
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise...
Critical | Unreviewed | CVE-2014-5401 was published May 13, 2022
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute...
Critical | Unreviewed | CVE-2017-1789 was published May 13, 2022
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat...
Critical | Unreviewed | CVE-2017-3907 was published May 13, 2022
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable...
Critical | Unreviewed | CVE-2017-7465 was published May 13, 2022
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows...
Critical | Unreviewed | CVE-2018-14804 was published May 13, 2022
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) ...
Critical | Unreviewed | CVE-2018-19641 was published May 13, 2022
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can...
Critical | Unreviewed | CVE-2018-2418 was published May 13, 2022
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12....
Critical | Unreviewed | CVE-2018-6488 was published May 13, 2022
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite...
Critical | Unreviewed | CVE-2018-6499 was published May 13, 2022
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite...
Critical | Unreviewed | CVE-2018-6498 was published May 13, 2022
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to...
Critical | Unreviewed | CVE-2017-7321 was published May 13, 2022
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to...
Critical | Unreviewed | CVE-2017-7324 was published May 13, 2022
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving...
Critical | Unreviewed | CVE-2018-18249 was published May 13, 2022
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote...
Critical | Unreviewed | CVE-2017-15376 was published May 13, 2022
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality...
Critical | Unreviewed | CVE-2017-1000196 was published May 13, 2022
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before...
Critical | Unreviewed | CVE-2013-6671 was published May 13, 2022
install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a...
Critical | Unreviewed | CVE-2019-7692 was published May 13, 2022
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin...
Critical | Unreviewed | CVE-2018-18319 was published May 13, 2022
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which...
Critical | Unreviewed | CVE-2018-1207 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.