GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
309 advisories
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows...
Critical | Unreviewed | CVE-2014-8621 was published May 17, 2022

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context...
Critical | Unreviewed | CVE-2014-9474 was published May 17, 2022

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary...
Critical | Unreviewed | CVE-2014-3702 was published May 17, 2022

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote...
Critical | Unreviewed | CVE-2014-9487 was published May 17, 2022

nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote...
Critical | Unreviewed | CVE-2014-9733 was published May 17, 2022

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5...
Critical | Unreviewed | CVE-2014-2023 was published May 17, 2022

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by...
Critical | Unreviewed | CVE-2014-3624 was published May 17, 2022

SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote...
Critical | Unreviewed | CVE-2013-5017 was published May 14, 2022

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to...
Critical | Unreviewed | CVE-2014-0121 was published May 14, 2022

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle...
Critical | Unreviewed | CVE-2014-4914 was published May 14, 2022

TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of...
Critical | Unreviewed | CVE-2014-8579 was published May 14, 2022

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root...
Critical | Unreviewed | CVE-2014-5334 was published May 14, 2022

Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for...
Critical | Unreviewed | CVE-2014-4972 was published May 14, 2022

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22...
Critical | Unreviewed | CVE-2017-16844 was published May 14, 2022

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17...
Critical | Unreviewed | CVE-2014-3244 was published May 14, 2022

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1,...
Critical | Unreviewed | CVE-2014-3005 was published May 14, 2022

backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@#...
Critical | Unreviewed | CVE-2014-3205 was published May 14, 2022

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session...
Critical | Unreviewed | CVE-2014-3206 was published May 14, 2022

Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to...
Critical | Unreviewed | CVE-2014-2592 was published May 14, 2022

Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2014-5044 was published May 14, 2022

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup...
Critical | Unreviewed | CVE-2014-4861 was published May 14, 2022

An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
Critical | Unreviewed | CVE-2014-4912 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts...
Critical | Unreviewed | CVE-2014-9972 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts...
Critical | Unreviewed | CVE-2014-9971 was published May 14, 2022

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow...
Critical | Unreviewed | CVE-2014-9976 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API