Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,767 advisories

Loading
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16... High Unreviewed
CVE-2021-45661 was published Dec 27, 2021
fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for... Critical Unreviewed
CVE-2020-15591 was published Mar 18, 2022
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites ... High Unreviewed
CVE-2010-2918 was published May 17, 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability... Critical Unreviewed
CVE-2022-22954 was published Apr 12, 2022
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote... High Unreviewed
CVE-2010-3205 was published May 17, 2022
There is a logic bypass vulnerability in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22430 was published Feb 26, 2022
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the... High Unreviewed
CVE-2022-0661 was published Apr 19, 2022
A vulnerability was reported in Lenovo System Update that could allow a local user with... High Unreviewed
CVE-2022-0354 was published Apr 23, 2022
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
PHPMailer susceptible to arbitrary code execution High
CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022
jhutchings1
morgan-json vulnerable to Arbitrary Code Execution Critical
CVE-2022-25921 was published for morgan-json (npm) Aug 29, 2022
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete... High Unreviewed
CVE-2017-16544 was published May 13, 2022
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to... High Unreviewed
CVE-2022-3383 was published Nov 29, 2022
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to... High Unreviewed
CVE-2022-3384 was published Nov 29, 2022
Improper Control of Generation of Code in Spring Security Moderate
CVE-2011-2732 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022
Improper Control of Generation of Code in Apache Kafka Moderate
CVE-2018-1288 was published for org.apache.kafka:kafka (Maven) May 13, 2022
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with... Critical Unreviewed
CVE-2021-20623 was published May 24, 2022
Improper Control of Generation of Code in doT High
CVE-2020-8141 was published for dot (npm) May 24, 2022
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution Critical
CVE-2022-25644 was published for @pendo324/get-process-by-name (npm) Aug 29, 2022
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through... Critical Unreviewed
CVE-2020-10666 was published May 24, 2022
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when... Moderate Unreviewed
CVE-2010-2677 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API