Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access... Moderate Unreviewed
CVE-2019-4263 was published May 24, 2022
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS High
CVE-2019-10248 was published for org.eclipse.vorto:org.eclipse.vorto.core (Maven) May 24, 2022
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. High Unreviewed
CVE-2018-18387 was published May 13, 2022
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated... Critical Unreviewed
CVE-2018-15486 was published May 13, 2022
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance ->... High Unreviewed
CVE-2018-1000502 was published May 13, 2022
Drupal Remote code execution High
CVE-2017-6381 was published for drupal/core (Composer) May 13, 2022
The cache directory on the local file system is set to be world writable. Firefox defaults to... Critical Unreviewed
CVE-2017-5397 was published May 13, 2022
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and... Critical Unreviewed
CVE-2017-1376 was published May 13, 2022
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... High Unreviewed
CVE-2017-14095 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by... High Unreviewed
CVE-2018-12120 was published May 13, 2022
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console... Critical Unreviewed
CVE-2018-17246 was published May 13, 2022
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow... Moderate Unreviewed
CVE-2018-8351 was published May 13, 2022
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a... High Unreviewed
CVE-2019-9829 was published May 13, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29845 was published May 12, 2022
ruby193 uses an insecure LD_LIBRARY_PATH setting. Low Unreviewed
CVE-2013-1945 was published May 5, 2022
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2)... High Unreviewed
CVE-2004-0285 was published Apr 29, 2022
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and ... High Unreviewed
CVE-2004-0030 was published Apr 29, 2022
An attacker with the ability to modify a user program may change user program code on some... Critical Unreviewed
CVE-2022-1161 was published Apr 12, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25485 was published Mar 16, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25486 was published Mar 16, 2022
Improper Locking in JetBrains Kotlin Moderate
CVE-2022-24329 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) Feb 26, 2022
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to... High Unreviewed
CVE-2022-24232 was published Feb 25, 2022
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... High Unreviewed
CVE-2021-41841 was published Feb 10, 2022
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,... Moderate Unreviewed
CVE-2021-29113 was published Dec 8, 2021
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42133 was published Dec 8, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database