GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
783 advisories
Template injection in thymeleaf-spring5
Critical. CVE-2021-43466 was published for org.thymeleaf:thymeleaf-spring5 (Maven) on Nov 10, 2021.

Badaso vulnerable to Remote Code Execution (RCE)
Critical. CVE-2022-41705 was published for badaso/core (Composer) on Nov 25, 2022.

A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0)...
Critical, Unreviewed. CVE-2019-6823 was published on May 24, 2022.

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
Critical, Unreviewed. CVE-2019-0304 was published on May 24, 2022.

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed...
Critical, Unreviewed. CVE-2019-9848 was published on May 24, 2022.

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.
Critical, Unreviewed. CVE-2019-15490 was published on May 24, 2022.

There was a server-side template injection vulnerability in Jira Server and Data Center, in the...
Critical, Unreviewed. CVE-2019-11581 was published on May 24, 2022.

Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network...
Critical, Unreviewed. CVE-2019-11495 was published on May 24, 2022.

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code...
Critical, Unreviewed. CVE-2022-36262 was published on Aug 16, 2022.

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall,...
Critical, Unreviewed. CVE-2018-4031 was published on May 24, 2022.

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron...
Critical, Unreviewed. CVE-2020-12842 was published on May 24, 2022.

The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell...
Critical, Unreviewed. CVE-2020-16147 was published on May 24, 2022.

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron...
Critical, Unreviewed. CVE-2020-12838 was published on May 24, 2022.

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron...
Critical, Unreviewed. CVE-2020-12839 was published on May 24, 2022.

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all...
Critical, Unreviewed. CVE-2020-11851 was published on May 24, 2022.

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
Critical, Unreviewed. CVE-2020-28366 was published on May 24, 2022.

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command...
Critical, Unreviewed. CVE-2020-35131 was published on May 24, 2022.

Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow...
Critical, Unreviewed. CVE-2020-8584 was published on May 24, 2022.

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code...
Critical, Unreviewed. CVE-2020-35458 was published on May 24, 2022.

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible,...
Critical, Unreviewed. CVE-2021-25770 was published on May 24, 2022.

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows...
Critical, Unreviewed. CVE-2021-27236 was published on May 24, 2022.

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.
Critical, Unreviewed. CVE-2020-11103 was published on May 24, 2022.

Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26893,...
Critical, Unreviewed. CVE-2021-26877 was published on May 24, 2022.

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code...
Critical, Unreviewed. CVE-2021-23281 was published on May 24, 2022.

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain...
Critical, Unreviewed. CVE-2021-27602 was published on May 24, 2022.

ProTip! Advisories are also available from the GraphQL API.