GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,360
Erlang: 33
GitHub Actions: 22
Go: 2,127
Maven: 5,000+
npm: 3,793
NuGet: 683
pip: 3,471
Pub: 12
RubyGems: 894
Rust: 894
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
266,283 advisories
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the...
High | Unreviewed | CVE-2021-24194 was published May 24, 2022

Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1...
Moderate | Unreviewed | CVE-2022-30709 was published Jun 8, 2022

PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers...
Moderate | Unreviewed | CVE-2022-30747 was published Jun 8, 2022

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers...
Critical | Unreviewed | CVE-2022-30711 was published Jun 8, 2022

Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2...
Low | Unreviewed | CVE-2022-30742 was published Jun 8, 2022

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers...
Critical | Unreviewed | CVE-2022-30710 was published Jun 8, 2022

Virtua Cobranca before 12R allows SQL Injection on the login page.
High | Unreviewed | CVE-2021-37589 was published Jun 8, 2022

Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers...
Critical | Unreviewed | CVE-2022-30713 was published Jun 8, 2022

A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0....
Moderate | Unreviewed | CVE-2022-1991 was published Jun 8, 2022

A vulnerability classified as critical has been found in Demokratian. This affects an unknown...
Critical | Unreviewed | CVE-2020-36542 was published Jun 8, 2022

Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1...
Low | Unreviewed | CVE-2022-28794 was published Jun 8, 2022

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
Moderate | Unreviewed | CVE-2022-31495 was published Jun 8, 2022

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers...
Moderate | Unreviewed | CVE-2022-30725 was published Jun 8, 2022

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers...
Moderate | Unreviewed | CVE-2022-30724 was published Jun 8, 2022

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function...
Critical | Unreviewed | CVE-2021-42875 was published Jun 3, 2022

MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
Moderate | Unreviewed | CVE-2017-11716 was published May 17, 2022

Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and...
Moderate | Unreviewed | CVE-2008-6024 was published May 17, 2022

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04...
High | Unreviewed | CVE-2015-1332 was published May 17, 2022

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps...
Moderate | Unreviewed | CVE-2016-10404 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers...
Moderate | Unreviewed | CVE-2008-6034 was published May 17, 2022

Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and...
High | Unreviewed | CVE-2008-6021 was published May 17, 2022

SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute...
High | Unreviewed | CVE-2008-6026 was published May 17, 2022

uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary...
High | Unreviewed | CVE-2017-11760 was published May 17, 2022

dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the...
Moderate | Unreviewed | CVE-2017-11629 was published May 17, 2022

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related...
Critical | Unreviewed | CVE-2017-11715 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.