GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
781 advisories
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to...
Critical | Unreviewed | CVE-2017-7321 was published May 13, 2022

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to...
Critical | Unreviewed | CVE-2017-7324 was published May 13, 2022

Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving...
Critical | Unreviewed | CVE-2018-18249 was published May 13, 2022

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote...
Critical | Unreviewed | CVE-2017-15376 was published May 13, 2022

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality...
Critical | Unreviewed | CVE-2017-1000196 was published May 13, 2022

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before...
Critical | Unreviewed | CVE-2013-6671 was published May 13, 2022

install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a...
Critical | Unreviewed | CVE-2019-7692 was published May 13, 2022

** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin...
Critical | Unreviewed | CVE-2018-18319 was published May 13, 2022

Elefant CMS PHP Code Execution Vulnerability
Critical | CVE-2018-16975 was published for elefant/cms (Composer) May 13, 2022

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which...
Critical | Unreviewed | CVE-2018-1207 was published May 13, 2022

Richfaces vulnerable to arbitrary code execution
Critical | CVE-2018-14667 was published for org.richfaces:richfaces-core (Maven) May 13, 2022

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate...
Critical | Unreviewed | CVE-2018-8540 was published May 13, 2022

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion...
Critical | Unreviewed | CVE-2019-7609 was published May 13, 2022

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate...
Critical | Unreviewed | CVE-2017-16783 was published May 13, 2022

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or...
Critical | Unreviewed | CVE-2014-6287 was published May 13, 2022

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the...
Critical | Unreviewed | CVE-2017-7402 was published May 13, 2022

irisnet-crypto RCE Vulnerability
Critical | CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer...
Critical | Unreviewed | CVE-2018-17207 was published May 13, 2022

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation...
Critical | Unreviewed | CVE-2018-17036 was published May 13, 2022

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to...
Critical | Unreviewed | CVE-2019-8341 was published May 13, 2022

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function...
Critical | Unreviewed | CVE-2022-29307 was published May 13, 2022

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3...
Critical | Unreviewed | CVE-2013-4211 was published May 5, 2022

Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
Critical | Unreviewed | CVE-2013-1666 was published May 5, 2022

Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical | CVE-2022-25767 was published for com.bstek.ureport:ureport2-console (Maven) May 3, 2022

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Critical | CVE-2009-0668 was published for ZODB3 (pip) May 2, 2022