GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,333
Erlang: 31
GitHub Actions: 22
Go: 2,095
Maven: 5,000+
npm: 3,760
NuGet: 678
pip: 3,446
Pub: 12
RubyGems: 892
Rust: 882
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
517 advisories
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object...
Critical, Unreviewed. CVE-2014-2293 was published May 14, 2022

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to...
Critical, Unreviewed. CVE-2018-9175 was published May 14, 2022

sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the...
Critical, Unreviewed. CVE-2018-9174 was published May 14, 2022

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows...
Critical, Unreviewed. CVE-2018-9847 was published May 14, 2022

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows...
Critical, Unreviewed. CVE-2018-9848 was published May 14, 2022

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php...
Critical, Unreviewed. CVE-2018-10133 was published May 14, 2022

Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in...
Critical, Unreviewed. CVE-2018-10740 was published May 14, 2022

site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload...
Critical, Unreviewed. CVE-2018-10574 was published May 14, 2022

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on...
Critical, Unreviewed. CVE-2018-10429 was published May 14, 2022

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before...
Critical, Unreviewed. CVE-2018-8938 was published May 14, 2022

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when...
Critical, Unreviewed. CVE-2018-6512 was published May 14, 2022

An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write...
Critical, Unreviewed. CVE-2018-12531 was published May 14, 2022

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below)...
Critical, Unreviewed. CVE-2018-3608 was published May 14, 2022

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical, Unreviewed. CVE-2018-5780 was published May 14, 2022

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical, Unreviewed. CVE-2018-5779 was published May 14, 2022

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical, Unreviewed. CVE-2018-5781 was published May 14, 2022

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute...
Critical, Unreviewed. CVE-2018-14399 was published May 14, 2022

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote...
Critical, Unreviewed. CVE-2014-2302 was published May 14, 2022

GolemCMS through 2008-12-24, if the install/ directory remains active after an installation,...
Critical, Unreviewed. CVE-2018-14579 was published May 14, 2022

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and...
Critical, Unreviewed. CVE-2018-16771 was published May 14, 2022

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in...
Critical, Unreviewed. CVE-2018-1999022 was published May 14, 2022

A remote code execution security vulnerability has been identified in all versions of the HP...
Critical, Unreviewed. CVE-2016-4391 was published May 14, 2022

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress...
Critical, Unreviewed. CVE-2015-8351 was published May 14, 2022

Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the...
Critical, Unreviewed. CVE-2016-2242 was published May 14, 2022

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code...
Critical, Unreviewed. CVE-2017-7494 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.