GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,029
Erlang: 29
GitHub Actions: 16
Go: 1,833
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,160
Pub: 10
RubyGems: 847
Rust: 798
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
22,411 advisories
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a...
Critical
Unreviewed
CVE-2017-17872 was published May 14, 2022
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view...
Critical
Unreviewed
CVE-2017-17875 was published May 14, 2022
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access...
Critical
Unreviewed
CVE-2018-3813 was published May 14, 2022
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted)...
Critical
Unreviewed
CVE-2017-17098 was published May 14, 2022
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote...
Critical
Unreviewed
CVE-2017-1000423 was published May 14, 2022
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates...
Critical
Unreviewed
CVE-2017-18021 was published May 14, 2022
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker...
Critical
Unreviewed
CVE-2017-15548 was published May 14, 2022
An information disclosure vulnerability in the Android media framework (libavc). Product: Android...
Critical
Unreviewed
CVE-2017-13203 was published May 14, 2022
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution...
Critical
Unreviewed
CVE-2015-9246 was published May 14, 2022
An information disclosure vulnerability in the Android media framework (libhevc). Product:...
Critical
Unreviewed
CVE-2017-13187 was published May 14, 2022
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of...
Critical
Unreviewed
CVE-2014-8579 was published May 14, 2022
An information disclosure vulnerability in the Android media framework (libavc). Product: Android...
Critical
Unreviewed
CVE-2017-13204 was published May 14, 2022
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that...
Critical
Unreviewed
CVE-2017-17097 was published May 14, 2022
An information disclosure vulnerability in the Android media framework (libhevc). Product:...
Critical
Unreviewed
CVE-2017-13185 was published May 14, 2022
An information disclosure vulnerability in the Android media framework (aac). Product: Android....
Critical
Unreviewed
CVE-2017-13188 was published May 14, 2022
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview...
Critical
Unreviewed
CVE-2015-9249 was published May 14, 2022
An information disclosure vulnerability in the Android media framework (libmpeg2). Product:...
Critical
Unreviewed
CVE-2017-13205 was published May 14, 2022
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the...
Critical
Unreviewed
CVE-2017-11079 was published May 14, 2022
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed....
Critical
Unreviewed
CVE-2017-15714 was published May 14, 2022
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to...
Critical
Unreviewed
CVE-2017-11357 was published May 14, 2022
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id...
Critical
Unreviewed
CVE-2018-5315 was published May 14, 2022
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS...
Critical
Unreviewed
CVE-2016-0332 was published May 14, 2022
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root...
Critical
Unreviewed
CVE-2014-5334 was published May 14, 2022
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to...
Critical
Unreviewed
CVE-2017-14143 was published May 14, 2022
PHP Melody version 2.7.1 suffers from SQL Injection Time-based attack on the page ajax.php with...
Critical
Unreviewed
CVE-2018-5211 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.