GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
743 advisories
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that...
Critical | Unreviewed | CVE-2022-38193 was published Aug 17, 2022

Template injection in thymeleaf-spring5
Critical | CVE-2021-43466 was published for org.thymeleaf:thymeleaf-spring5 (Maven) Nov 10, 2021

Badaso vulnerable to Remote Code Execution (RCE)
Critical | CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022

A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0)...
Critical | Unreviewed | CVE-2019-6823 was published May 24, 2022

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
Critical | Unreviewed | CVE-2019-0304 was published May 24, 2022

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed...
Critical | Unreviewed | CVE-2019-9848 was published May 24, 2022

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.
Critical | Unreviewed | CVE-2019-15490 was published May 24, 2022

D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing...
Critical | Unreviewed | CVE-2019-10891 was published May 24, 2022

There was a server-side template injection vulnerability in Jira Server and Data Center, in the...
Critical | Unreviewed | CVE-2019-11581 was published May 24, 2022

Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network...
Critical | Unreviewed | CVE-2019-11495 was published May 24, 2022

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code...
Critical | Unreviewed | CVE-2022-36262 was published Aug 16, 2022

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall,...
Critical | Unreviewed | CVE-2018-4031 was published May 24, 2022

The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell...
Critical | Unreviewed | CVE-2020-16147 was published May 24, 2022

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron...
Critical | Unreviewed | CVE-2020-12842 was published May 24, 2022

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron...
Critical | Unreviewed | CVE-2020-12838 was published May 24, 2022

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron...
Critical | Unreviewed | CVE-2020-12839 was published May 24, 2022

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all...
Critical | Unreviewed | CVE-2020-11851 was published May 24, 2022

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
Critical | Unreviewed | CVE-2020-28366 was published May 24, 2022

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ...
Critical | Unreviewed | CVE-2022-34821 was published Jul 13, 2022

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command...
Critical | Unreviewed | CVE-2020-35131 was published May 24, 2022

Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow...
Critical | Unreviewed | CVE-2020-8584 was published May 24, 2022

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code...
Critical | Unreviewed | CVE-2020-35458 was published May 24, 2022

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible,...
Critical | Unreviewed | CVE-2021-25770 was published May 24, 2022

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows...
Critical | Unreviewed | CVE-2021-27236 was published May 24, 2022

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.
Critical | Unreviewed | CVE-2020-11103 was published May 24, 2022