Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

268,511 advisories

Loading
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow... High Unreviewed
CVE-2020-7034 was published May 24, 2022
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0.... Moderate Unreviewed
CVE-2022-1991 was published Jun 8, 2022
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which... Moderate Unreviewed
CVE-2022-1568 was published May 31, 2022
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its... Moderate Unreviewed
CVE-2022-1644 was published May 31, 2022
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings... Moderate Unreviewed
CVE-2022-1645 was published May 31, 2022
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings,... Moderate Unreviewed
CVE-2022-1294 was published May 31, 2022
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well... Moderate Unreviewed
CVE-2022-0376 was published May 31, 2022
SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute... High Unreviewed
CVE-2008-6026 was published May 17, 2022
Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and... Moderate Unreviewed
CVE-2008-6024 was published May 17, 2022
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. Moderate Unreviewed
CVE-2017-11716 was published May 17, 2022
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the... Moderate Unreviewed
CVE-2017-11629 was published May 17, 2022
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. Moderate Unreviewed
CVE-2017-12645 was published May 17, 2022
Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in... High Unreviewed
CVE-2008-6070 was published May 17, 2022
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related... Critical Unreviewed
CVE-2017-11715 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers... Moderate Unreviewed
CVE-2008-6034 was published May 17, 2022
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04... High Unreviewed
CVE-2015-1332 was published May 17, 2022
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary... High Unreviewed
CVE-2017-11760 was published May 17, 2022
Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and... High Unreviewed
CVE-2008-6021 was published May 17, 2022
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps... Moderate Unreviewed
CVE-2016-10404 was published May 17, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24190 was published May 24, 2022
It has been discovered that redhat-certification is not properly configured and it lists all... High Unreviewed
CVE-2018-10863 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24192 was published May 24, 2022
It has been discovered that redhat-certification does not perform an authorization check and... High Unreviewed
CVE-2018-10865 was published May 24, 2022
It has been discovered that redhat-certification does not restrict file access in the /update... Critical Unreviewed
CVE-2018-10867 was published May 24, 2022
A flaw was found in the OpenShift web console, where the access token is stored in the browser's... Moderate Unreviewed
CVE-2020-1761 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database