GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
309 advisories
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because...
Critical, Unreviewed. CVE-2014-5470 was published Jun 22, 2024

LZ4 vulnerable to Out-of-bounds Write
Critical. CVE-2014-125026 was published for github.com/cloudflare/golz4 (Go) Dec 28, 2022

Zend Framework SQL injection vulnerability
Critical. CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024

Apache ActiveMQ Apollo XXE Vulnerability
Critical. CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022

Authorization Bypass in Spring Security
Critical. CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical. CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
Critical, Unreviewed. CVE-2014-10376 was published May 17, 2022

Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.
Critical, Unreviewed. CVE-2014-125106 was published Jun 18, 2023

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and...
Critical, Unreviewed. CVE-2019-19790 was published May 24, 2022

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4...
Critical, Unreviewed. CVE-2017-18571 was published May 24, 2022

The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search...
Critical, Unreviewed. CVE-2016-10917 was published May 24, 2022

The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
Critical, Unreviewed. CVE-2014-2727 was published May 17, 2022

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute...
Critical, Unreviewed. CVE-2014-2228 was published May 17, 2022

It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a...
Critical, Unreviewed. CVE-2014-4651 was published May 17, 2022

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include...
Critical, Unreviewed. CVE-2014-3879 was published May 17, 2022

LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to...
Critical, Unreviewed. CVE-2014-4981 was published May 17, 2022

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass...
Critical, Unreviewed. CVE-2014-2595 was published May 17, 2022

A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which...
Critical, Unreviewed. CVE-2014-9530 was published May 17, 2022

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision...
Critical, Unreviewed. CVE-2014-8741 was published May 17, 2022

eDeploy has RCE via cPickle deserialization of untrusted data
Critical, Unreviewed. CVE-2014-3699 was published May 17, 2022

SQL injection vulnerability in DBD::PgPP 0.05 and earlier
Critical, Unreviewed. CVE-2014-7257 was published May 17, 2022

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp...
Critical, Unreviewed. CVE-2014-6311 was published May 17, 2022

eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
Critical, Unreviewed. CVE-2014-3700 was published May 17, 2022

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory...
Critical, Unreviewed. CVE-2014-10390 was published May 17, 2022

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
Critical, Unreviewed. CVE-2014-10387 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API