GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,144
Composer 4,333
Erlang 31
GitHub Actions 22
Go 2,095
Maven 5,265
npm 3,760
NuGet 678
pip 3,446
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,542

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

517 advisories

Filter by severity

Sort by

Least recently updated

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote... Critical Unreviewed

CVE-2017-15376 was published May 13, 2022

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality... Critical Unreviewed

CVE-2017-1000196 was published May 13, 2022

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before... Critical Unreviewed

CVE-2013-6671 was published May 13, 2022

install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a... Critical Unreviewed

CVE-2019-7692 was published May 13, 2022

** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin... Critical Unreviewed

CVE-2018-18319 was published May 13, 2022

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which... Critical Unreviewed

CVE-2018-1207 was published May 13, 2022

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate... Critical Unreviewed

CVE-2018-8540 was published May 13, 2022

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion... Critical Unreviewed

CVE-2019-7609 was published May 13, 2022

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate... Critical Unreviewed

CVE-2017-16783 was published May 13, 2022

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or... Critical Unreviewed

CVE-2014-6287 was published May 13, 2022

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the... Critical Unreviewed

CVE-2017-7402 was published May 13, 2022

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer... Critical Unreviewed

CVE-2018-17207 was published May 13, 2022

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation... Critical Unreviewed

CVE-2018-17036 was published May 13, 2022

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to... Critical Unreviewed

CVE-2019-8341 was published May 13, 2022

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function... Critical Unreviewed

CVE-2022-29307 was published May 13, 2022

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3... Critical Unreviewed

CVE-2013-4211 was published May 5, 2022

Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. Critical Unreviewed

CVE-2013-1666 was published May 5, 2022

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability... Critical Unreviewed

CVE-2022-22954 was published Apr 12, 2022

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload... Critical Unreviewed

CVE-2022-26255 was published Mar 29, 2022

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a... Critical Unreviewed

CVE-2022-26198 was published Mar 28, 2022

Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE)... Critical Unreviewed

CVE-2022-26205 was published Mar 28, 2022

A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute... Critical Unreviewed

CVE-2022-26272 was published Mar 26, 2022

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name... Critical Unreviewed

CVE-2021-26622 was published Mar 26, 2022

A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to... Critical Unreviewed

CVE-2022-26174 was published Mar 23, 2022

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Critical Unreviewed

CVE-2022-25578 was published Mar 20, 2022

Previous 1 2 … 17 18 19 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

517 advisories