GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,350
Erlang: 31
GitHub Actions: 22
Go: 2,119
Maven: 5,000+
npm: 3,770
NuGet: 680
pip: 3,459
Pub: 12
RubyGems: 892
Rust: 888
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
774 advisories

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code...
Critical | Unreviewed | CVE-2022-1517 was published Jun 25, 2022

Deserialization of Untrusted Data and Code Injection in xstream
Critical | CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019

In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the...
Critical | Unreviewed | CVE-2014-3582 was published May 17, 2022

A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as...
Critical | Unreviewed | CVE-2017-20099 was published Jun 28, 2022

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software...
Critical | Unreviewed | CVE-2022-32409 was published Jul 15, 2022

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The...
Critical | Unreviewed | CVE-2017-7691 was published May 17, 2022

The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to...
Critical | Unreviewed | CVE-2015-8771 was published May 17, 2022

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object...
Critical | Unreviewed | CVE-2016-5726 was published May 17, 2022

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "...
Critical | Unreviewed | CVE-2017-7625 was published May 17, 2022

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical | Unreviewed | CVE-2022-32417 was published Jul 15, 2022

mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
Critical | Unreviewed | CVE-2014-3927 was published May 17, 2022

The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to...
Critical | Unreviewed | CVE-2015-0855 was published May 17, 2022

Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without...
Critical | Unreviewed | CVE-2016-10157 was published May 17, 2022

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary...
Critical | Unreviewed | CVE-2016-1985 was published May 17, 2022

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.
Critical | Unreviewed | CVE-2017-2968 was published May 17, 2022

Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
Critical | Unreviewed | CVE-2016-1000003 was published May 17, 2022

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to...
Critical | Unreviewed | CVE-2016-7109 was published May 17, 2022

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary...
Critical | Unreviewed | CVE-2016-1986 was published May 17, 2022

Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP...
Critical | Unreviewed | CVE-2015-5721 was published May 17, 2022

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to...
Critical | Unreviewed | CVE-2016-7110 was published May 17, 2022

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to...
Critical | Unreviewed | CVE-2016-3153 was published May 17, 2022

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x...
Critical | Unreviewed | CVE-2016-3154 was published May 17, 2022

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which...
Critical | Unreviewed | CVE-2015-8761 was published May 17, 2022

There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that...
Critical | Unreviewed | CVE-2022-38193 was published Aug 17, 2022

ProTip! Advisories are also available from the GraphQL API.