GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+)
  Composer: 4,383
  Erlang: 33
  GitHub Actions: 22
  Go: 2,140
  Maven: 5,000+
  npm: 3,800
  NuGet: 687
  pip: 3,478
  Pub: 12
  RubyGems: 897
  Rust: 898
  Swift: 38
Unreviewed advisories (all unreviewed: 5,000+)
1,482 advisories
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1...
  Critical | Unreviewed | CVE-2017-0372 was published May 14, 2022
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection...
  Critical | Unreviewed | CVE-2014-2294 was published May 14, 2022
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before...
  High | Unreviewed | CVE-2017-18266 was published May 14, 2022
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10...
  Moderate | Unreviewed | CVE-2018-4235 was published May 14, 2022
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might...
  Critical | Unreviewed | CVE-2017-17790 was published May 14, 2022
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website,...
  High | Unreviewed | CVE-2017-7846 was published May 14, 2022
RSS fields can inject new lines into the created email structure, modifying the message body....
  Moderate | Unreviewed | CVE-2017-7848 was published May 14, 2022
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that...
  Critical | Unreviewed | CVE-2017-7788 was published May 14, 2022
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes,...
  Critical | Unreviewed | CVE-2015-7264 was published May 14, 2022
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
  High | CVE-2018-6519 was published for simplesamlphp/saml2 (Composer) May 14, 2022
The backup mechanism in the adb tool in Android might allow attackers to inject additional...
  High | Unreviewed | CVE-2014-7952 was published May 14, 2022
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users...
  Critical | Unreviewed | CVE-2016-9832 was published May 14, 2022
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when...
  High | Unreviewed | CVE-2015-1762 was published May 14, 2022
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to...
  High | Unreviewed | CVE-2015-2180 was published May 14, 2022
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and...
  Moderate | Unreviewed | CVE-2016-5701 was published May 14, 2022
Twig remote code execution in templates
  High | CVE-2015-7809 was published for twig/twig (Composer) May 14, 2022
Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.
  Moderate | Unreviewed | CVE-2018-18207 was published May 14, 2022
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a...
  High | Unreviewed | CVE-2013-6435 was published May 14, 2022
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit...
  Moderate | Unreviewed | CVE-2019-7351 was published May 14, 2022
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated...
  Moderate | Unreviewed | CVE-2015-3013 was published May 14, 2022
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user...
  Critical | Unreviewed | CVE-2019-8948 was published May 14, 2022
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
  Moderate | Unreviewed | CVE-2018-16627 was published May 14, 2022
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by...
  High | Unreviewed | CVE-2017-7703 was published May 14, 2022
Injection in Jolokia agent
  High | CVE-2018-1000130 was published for org.jolokia:jolokia-core (Maven) May 14, 2022
An injection issue was addressed with improved validation. This issue affected versions prior to...
  Moderate | Unreviewed | CVE-2018-4153 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API