Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

81 advisories

Loading
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42133 was published Dec 8, 2021
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,... Moderate Unreviewed
CVE-2021-29113 was published Dec 8, 2021
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... High Unreviewed
CVE-2021-41841 was published Feb 10, 2022
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to... High Unreviewed
CVE-2022-24232 was published Feb 25, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25486 was published Mar 16, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25485 was published Mar 16, 2022
An attacker with the ability to modify a user program may change user program code on some... Critical Unreviewed
CVE-2022-1161 was published Apr 12, 2022
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and ... High Unreviewed
CVE-2004-0030 was published Apr 29, 2022
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2)... High Unreviewed
CVE-2004-0285 was published Apr 29, 2022
ruby193 uses an insecure LD_LIBRARY_PATH setting. Low Unreviewed
CVE-2013-1945 was published May 5, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29845 was published May 12, 2022
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a... High Unreviewed
CVE-2019-9829 was published May 13, 2022
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow... Moderate Unreviewed
CVE-2018-8351 was published May 13, 2022
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console... Critical Unreviewed
CVE-2018-17246 was published May 13, 2022
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by... High Unreviewed
CVE-2018-12120 was published May 13, 2022
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... High Unreviewed
CVE-2017-14095 was published May 13, 2022
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and... Critical Unreviewed
CVE-2017-1376 was published May 13, 2022
The cache directory on the local file system is set to be world writable. Firefox defaults to... Critical Unreviewed
CVE-2017-5397 was published May 13, 2022
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance ->... High Unreviewed
CVE-2018-1000502 was published May 13, 2022
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated... Critical Unreviewed
CVE-2018-15486 was published May 13, 2022
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. High Unreviewed
CVE-2018-18387 was published May 13, 2022
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access... Moderate Unreviewed
CVE-2019-4263 was published May 24, 2022
A same-origin policy violation occurs allowing the theft of cross-origin images through a... Moderate Unreviewed
CVE-2019-11742 was published May 24, 2022
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace... Moderate Unreviewed
CVE-2019-16951 was published May 24, 2022
If an image had not loaded correctly (such as when it is not actually an image), it could be... Moderate Unreviewed
CVE-2019-17014 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database