GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,018
Composer 4,300
Erlang 31
GitHub Actions 21
Go 2,069
Maven 5,241
npm 3,744
NuGet 668
pip 3,429
Pub 12
RubyGems 892
Rust 880
Swift 36

Unreviewed advisories

All unreviewed 240,346

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

509 advisories

Filter by severity

Sort by

Least recently updated

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate... Critical Unreviewed

CVE-2017-16783 was published May 13, 2022

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or... Critical Unreviewed

CVE-2014-6287 was published May 13, 2022

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the... Critical Unreviewed

CVE-2017-7402 was published May 13, 2022

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer... Critical Unreviewed

CVE-2018-17207 was published May 13, 2022

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation... Critical Unreviewed

CVE-2018-17036 was published May 13, 2022

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to... Critical Unreviewed

CVE-2019-8341 was published May 13, 2022

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function... Critical Unreviewed

CVE-2022-29307 was published May 13, 2022

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3... Critical Unreviewed

CVE-2013-4211 was published May 5, 2022

Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. Critical Unreviewed

CVE-2013-1666 was published May 5, 2022

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability... Critical Unreviewed

CVE-2022-22954 was published Apr 12, 2022

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload... Critical Unreviewed

CVE-2022-26255 was published Mar 29, 2022

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a... Critical Unreviewed

CVE-2022-26198 was published Mar 28, 2022

Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE)... Critical Unreviewed

CVE-2022-26205 was published Mar 28, 2022

A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute... Critical Unreviewed

CVE-2022-26272 was published Mar 26, 2022

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name... Critical Unreviewed

CVE-2021-26622 was published Mar 26, 2022

A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to... Critical Unreviewed

CVE-2022-26174 was published Mar 23, 2022

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Critical Unreviewed

CVE-2022-25578 was published Mar 20, 2022

fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for... Critical Unreviewed

CVE-2020-15591 was published Mar 18, 2022

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow... Critical Unreviewed

CVE-2021-25003 was published Mar 15, 2022

There is a logic bypass vulnerability in smartphones. Successful exploitation of this... Critical Unreviewed

CVE-2021-22430 was published Feb 26, 2022

PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed

CVE-2022-23389 was published Feb 15, 2022

iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability... Critical Unreviewed

CVE-2021-44978 was published Feb 9, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE... Critical Unreviewed

CVE-2022-21846 was published Jan 12, 2022

HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may... Critical Unreviewed

CVE-2021-39979 was published Jan 4, 2022

Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE... Critical Unreviewed

CVE-2021-42310 was published Dec 16, 2021

Previous 1 2 … 17 18 19 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

509 advisories