GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
22,993 advisories
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in...
Critical
Unreviewed
CVE-2021-39306 was published Dec 23, 2021
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be...
Critical
Unreviewed
CVE-2021-45253 was published Dec 22, 2021
Stormshield Endpoint Security before 2.1.2 allows remote code execution.
Critical
Unreviewed
CVE-2021-45090 was published Dec 22, 2021
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could...
Critical
Unreviewed
CVE-2021-36336 was published Dec 22, 2021
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost...
Critical
Unreviewed
CVE-2016-10243 was published May 17, 2022
Vulnerability in WordPress plugin surveys v1.01.8. The code in survey_form.php does not sanitize...
Critical
Unreviewed
CVE-2017-1002020 was published May 17, 2022
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute...
Critical
Unreviewed
CVE-2017-12776 was published May 17, 2022
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could...
Critical
Unreviewed
CVE-2017-8015 was published May 17, 2022
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU...
Critical
Unreviewed
CVE-2017-7614 was published May 17, 2022
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in...
Critical
Unreviewed
CVE-2017-1002014 was published May 17, 2022
Vulnerability in WordPress plugin wordpress-gallery-transformation v1.0, SQL injection is in ....
Critical
Unreviewed
CVE-2017-1002028 was published May 17, 2022
Vulnerability in WordPress plugin rk-responsive-contact-form v1.0. The variable $delid isn't...
Critical
Unreviewed
CVE-2017-1002027 was published May 17, 2022
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy...
Critical
Unreviewed
CVE-2022-23663 was published May 17, 2022
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in...
Critical
Unreviewed
CVE-2017-1002015 was published May 17, 2022
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.
Critical
Unreviewed
CVE-2022-37968 was published Oct 12, 2022
Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption...
Critical
Unreviewed
CVE-2017-3086 was published May 17, 2022
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special...
Critical
Unreviewed
CVE-2021-44164 was published Dec 21, 2021
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square...
Critical
Unreviewed
CVE-2017-14396 was published May 17, 2022
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in...
Critical
Unreviewed
CVE-2021-43033 was published Dec 7, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the...
Critical
Unreviewed
CVE-2021-43036 was published Dec 7, 2021
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker...
Critical
Unreviewed
CVE-2021-44159 was published Dec 21, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated...
Critical
Unreviewed
CVE-2021-43035 was published Dec 7, 2021
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution...
Critical
Unreviewed
CVE-2022-41382 was published Oct 12, 2022
The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution...
Critical
Unreviewed
CVE-2022-41383 was published Oct 12, 2022
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3...
Critical
Unreviewed
CVE-2015-5206 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.