Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

309 advisories

Loading
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because... Critical Unreviewed
CVE-2014-5470 was published Jun 22, 2024
LZ4 vulnerable to Out-of-bounds Write Critical
CVE-2014-125026 was published for github.com/cloudflare/golz4 (Go) Dec 28, 2022
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
Authorization Bypass in Spring Security Critical
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
MarkLee131
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. Critical Unreviewed
CVE-2014-10376 was published May 17, 2022
Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. Critical Unreviewed
CVE-2014-125106 was published Jun 18, 2023
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and... Critical Unreviewed
CVE-2019-19790 was published May 24, 2022
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4... Critical Unreviewed
CVE-2017-18571 was published May 24, 2022
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search... Critical Unreviewed
CVE-2016-10917 was published May 24, 2022
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. Critical Unreviewed
CVE-2014-2727 was published May 17, 2022
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute... Critical Unreviewed
CVE-2014-2228 was published May 17, 2022
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a... Critical Unreviewed
CVE-2014-4651 was published May 17, 2022
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include... Critical Unreviewed
CVE-2014-3879 was published May 17, 2022
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to... Critical Unreviewed
CVE-2014-4981 was published May 17, 2022
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass... Critical Unreviewed
CVE-2014-2595 was published May 17, 2022
A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which... Critical Unreviewed
CVE-2014-9530 was published May 17, 2022
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision... Critical Unreviewed
CVE-2014-8741 was published May 17, 2022
eDeploy has RCE via cPickle deserialization of untrusted data Critical Unreviewed
CVE-2014-3699 was published May 17, 2022
SQL injection vulnerability in DBD::PgPP 0.05 and earlier Critical Unreviewed
CVE-2014-7257 was published May 17, 2022
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp... Critical Unreviewed
CVE-2014-6311 was published May 17, 2022
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data Critical Unreviewed
CVE-2014-3700 was published May 17, 2022
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory... Critical Unreviewed
CVE-2014-10390 was published May 17, 2022
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. Critical Unreviewed
CVE-2014-10387 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API