GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,272
Erlang: 31
GitHub Actions: 21
Go: 2,047
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,415
Pub: 12
RubyGems: 891
Rust: 868
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
24,036 advisories
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL...
Critical | Unreviewed | CVE-2019-12601 was published May 24, 2022
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi...
Critical | Unreviewed | CVE-2019-12771 was published May 24, 2022
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
Critical | Unreviewed | CVE-2019-12599 was published May 24, 2022
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to...
Critical | Unreviewed | CVE-2019-2097 was published May 24, 2022
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.
Critical | Unreviewed | CVE-2019-9086 was published May 24, 2022
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.
Critical | Unreviewed | CVE-2019-9087 was published May 24, 2022
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the...
Critical | Unreviewed | CVE-2019-12780 was published May 24, 2022
An invalid write of 8 bytes due to a use-after-free vulnerability in the...
Critical | Unreviewed | CVE-2018-20355 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the...
Critical | Unreviewed | CVE-2018-20354 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability in the...
Critical | Unreviewed | CVE-2018-20356 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the...
Critical | Unreviewed | CVE-2018-20353 was published May 24, 2022
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with...
Critical | Unreviewed | CVE-2019-9879 was published May 24, 2022
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users'...
Critical | Unreviewed | CVE-2019-9880 was published May 24, 2022
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection...
Critical | Unreviewed | CVE-2017-18377 was published May 24, 2022
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell...
Critical | Unreviewed | CVE-2016-10760 was published May 24, 2022
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2018-11801 was published May 24, 2022
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2018-11800 was published May 24, 2022
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir']...
Critical | Unreviewed | CVE-2017-18378 was published May 24, 2022
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow...
Critical | Unreviewed | CVE-2018-20841 was published May 24, 2022
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server...
Critical | Unreviewed | CVE-2019-12146 was published May 24, 2022
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1....
Critical | Unreviewed | CVE-2019-12144 was published May 24, 2022
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF,...
Critical | Unreviewed | CVE-2019-12153 was published May 24, 2022
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to...
Critical | Unreviewed | CVE-2019-12154 was published May 24, 2022
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable...
Critical | Unreviewed | CVE-2019-12765 was published May 24, 2022
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution...
Critical | Unreviewed | CVE-2019-3412 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.