Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

662 advisories

Loading
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
morgan-json vulnerable to Arbitrary Code Execution Critical
CVE-2022-25921 was published for morgan-json (npm) Aug 29, 2022
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with... Critical Unreviewed
CVE-2021-20623 was published May 24, 2022
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution Critical
CVE-2022-25644 was published for @pendo324/get-process-by-name (npm) Aug 29, 2022
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through... Critical Unreviewed
CVE-2020-10666 was published May 24, 2022
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. Critical Unreviewed
CVE-2020-21784 was published May 24, 2022
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request... Critical Unreviewed
CVE-2021-26810 was published May 24, 2022
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4... Critical Unreviewed
CVE-2020-25414 was published May 24, 2022
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40... Critical Unreviewed
CVE-2021-22519 was published May 24, 2022
An arbitrary code execution vulnerability exists in Micro Focus Application Performance... Critical Unreviewed
CVE-2021-22514 was published May 24, 2022
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute... Critical Unreviewed
CVE-2020-22937 was published May 24, 2022
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller... Critical Unreviewed
CVE-2020-21652 was published May 24, 2022
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. Critical Unreviewed
CVE-2021-45983 was published Jun 3, 2022
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller... Critical Unreviewed
CVE-2020-21651 was published May 24, 2022
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related... Critical Unreviewed
CVE-2017-11715 was published May 17, 2022
Code Injection in metacalc Critical
CVE-2022-21122 was published for metacalc (npm) Jun 9, 2022
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a... Critical Unreviewed
CVE-2022-30877 was published Jun 9, 2022
Code Injection in SEOmatic Critical
CVE-2021-41749 was published for nystudio107/craft-seomatic (Composer) Jun 13, 2022
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add... Critical Unreviewed
CVE-2017-11167 was published May 17, 2022
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability... Critical Unreviewed
CVE-2017-20095 was published Jun 25, 2022
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code... Critical Unreviewed
CVE-2022-32054 was published Jul 8, 2022
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code... Critical Unreviewed
CVE-2017-10968 was published May 17, 2022
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache... Critical Unreviewed
CVE-2017-11585 was published May 17, 2022
Internally used text extraction reports allow an attacker to inject code that can be executed by... Critical Unreviewed
CVE-2021-44231 was published Dec 15, 2021
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not... Critical Unreviewed
CVE-2016-5734 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API