GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,410
Composer 3,972
Erlang 29
GitHub Actions 16
Go 1,762
Maven 4,983
npm 3,518
NuGet 609
pip 3,094
Pub 10
RubyGems 833
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,726

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

309 advisories

Filter by severity

Sort by

Least recently updated

SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows... Critical Unreviewed

CVE-2014-8621 was published May 17, 2022

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context... Critical Unreviewed

CVE-2014-9474 was published May 17, 2022

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary... Critical Unreviewed

CVE-2014-3702 was published May 17, 2022

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote... Critical Unreviewed

CVE-2014-9487 was published May 17, 2022

nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote... Critical Unreviewed

CVE-2014-9733 was published May 17, 2022

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5... Critical Unreviewed

CVE-2014-2023 was published May 17, 2022

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by... Critical Unreviewed

CVE-2014-3624 was published May 17, 2022

SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote... Critical Unreviewed

CVE-2013-5017 was published May 14, 2022

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to... Critical Unreviewed

CVE-2014-0121 was published May 14, 2022

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle... Critical Unreviewed

CVE-2014-4914 was published May 14, 2022

TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of... Critical Unreviewed

CVE-2014-8579 was published May 14, 2022

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root... Critical Unreviewed

CVE-2014-5334 was published May 14, 2022

Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for... Critical Unreviewed

CVE-2014-4972 was published May 14, 2022

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22... Critical Unreviewed

CVE-2017-16844 was published May 14, 2022

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17... Critical Unreviewed

CVE-2014-3244 was published May 14, 2022

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1,... Critical Unreviewed

CVE-2014-3005 was published May 14, 2022

backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@#... Critical Unreviewed

CVE-2014-3205 was published May 14, 2022

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session... Critical Unreviewed

CVE-2014-3206 was published May 14, 2022

Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to... Critical Unreviewed

CVE-2014-2592 was published May 14, 2022

Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code... Critical Unreviewed

CVE-2014-5044 was published May 14, 2022

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup... Critical Unreviewed

CVE-2014-4861 was published May 14, 2022

An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. Critical Unreviewed

CVE-2014-4912 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts... Critical Unreviewed

CVE-2014-9972 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts... Critical Unreviewed

CVE-2014-9971 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow... Critical Unreviewed

CVE-2014-9976 was published May 14, 2022

Previous 1 2 … 5 6 7 8 9 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

309 advisories