GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,300
Erlang: 31
GitHub Actions: 21
Go: 2,069
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,429
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
509 advisories
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on...
Critical | Unreviewed | CVE-2018-10429 was published May 14, 2022

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before...
Critical | Unreviewed | CVE-2018-8938 was published May 14, 2022

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when...
Critical | Unreviewed | CVE-2018-6512 was published May 14, 2022

An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write...
Critical | Unreviewed | CVE-2018-12531 was published May 14, 2022

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below)...
Critical | Unreviewed | CVE-2018-3608 was published May 14, 2022

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical | Unreviewed | CVE-2018-5780 was published May 14, 2022

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical | Unreviewed | CVE-2018-5781 was published May 14, 2022

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical | Unreviewed | CVE-2018-5779 was published May 14, 2022

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute...
Critical | Unreviewed | CVE-2018-14399 was published May 14, 2022

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote...
Critical | Unreviewed | CVE-2014-2302 was published May 14, 2022

GolemCMS through 2008-12-24, if the install/ directory remains active after an installation,...
Critical | Unreviewed | CVE-2018-14579 was published May 14, 2022

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and...
Critical | Unreviewed | CVE-2018-16771 was published May 14, 2022

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in...
Critical | Unreviewed | CVE-2018-1999022 was published May 14, 2022

A remote code execution security vulnerability has been identified in all versions of the HP...
Critical | Unreviewed | CVE-2016-4391 was published May 14, 2022

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress...
Critical | Unreviewed | CVE-2015-8351 was published May 14, 2022

Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the...
Critical | Unreviewed | CVE-2016-2242 was published May 14, 2022

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code...
Critical | Unreviewed | CVE-2017-7494 was published May 14, 2022

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to...
Critical | Unreviewed | CVE-2018-17126 was published May 14, 2022

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to...
Critical | Unreviewed | CVE-2015-9272 was published May 14, 2022

An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php...
Critical | Unreviewed | CVE-2018-18083 was published May 14, 2022

The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress...
Critical | Unreviewed | CVE-2018-18461 was published May 14, 2022

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which...
Critical | Unreviewed | CVE-2018-18892 was published May 14, 2022

upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute...
Critical | Unreviewed | CVE-2018-18835 was published May 14, 2022

Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to...
Critical | Unreviewed | CVE-2018-7633 was published May 14, 2022

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2)...
Critical | Unreviewed | CVE-2017-11459 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.