GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,610
Composer 4,714
Erlang 34
GitHub Actions 28
Go 2,300
Maven 5,576
npm 3,942
NuGet 708
pip 3,711
Pub 12
RubyGems 920
Rust 960
Swift 38

Unreviewed advisories

All unreviewed 256,754

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

122 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the... High Unreviewed

CVE-2021-33626 was published May 24, 2022

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included... High Unreviewed

CVE-2021-41569 was published May 24, 2022

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,... Moderate Unreviewed

CVE-2021-20843 was published May 24, 2022

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and... Critical Unreviewed

CVE-2020-16152 was published May 24, 2022

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed

CVE-2022-25486 was published Mar 16, 2022

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed

CVE-2022-29845 was published May 12, 2022

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a... High Unreviewed

CVE-2019-9829 was published May 13, 2022

Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport High

CVE-2020-8128 was published for jsreport (npm) Apr 13, 2021

Command Injection in @theia/messages Moderate

CVE-2021-28162 was published for @theia/messages (npm) May 10, 2021

An information disclosure vulnerability exists when affected Microsoft browsers improperly allow... Moderate Unreviewed

CVE-2018-8351 was published May 13, 2022

Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 Moderate

CVE-2021-26272 was published for ckeditor4 (npm) Oct 13, 2021

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed

CVE-2021-42133 was published Dec 8, 2021

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console... Critical Unreviewed

CVE-2018-17246 was published May 13, 2022

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos... High Unreviewed

CVE-2022-22246 was published Oct 18, 2022

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... High Unreviewed

CVE-2017-14095 was published May 13, 2022

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and... Critical Unreviewed

CVE-2017-1376 was published May 13, 2022

The cache directory on the local file system is set to be world writable. Firefox defaults to... Critical Unreviewed

CVE-2017-5397 was published May 13, 2022

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance ->... High Unreviewed

CVE-2018-1000502 was published May 13, 2022

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated... Critical Unreviewed

CVE-2018-15486 was published May 13, 2022

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. High Unreviewed

CVE-2018-18387 was published May 13, 2022

Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS High

CVE-2019-10248 was published for org.eclipse.vorto:org.eclipse.vorto.core (Maven) May 24, 2022

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... High Unreviewed

CVE-2021-41841 was published Feb 10, 2022

A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to... High Unreviewed

CVE-2022-24232 was published Feb 25, 2022

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access... Moderate Unreviewed

CVE-2019-4263 was published May 24, 2022

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1... Moderate Unreviewed

CVE-2023-21440 was published Feb 9, 2023

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

122 advisories