GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
25,803 advisories
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.
Critical | Unreviewed | CVE-2022-44175 was published Nov 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.
Critical | Unreviewed | CVE-2022-44177 was published Nov 21, 2022

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.
Critical | Unreviewed | CVE-2022-44174 was published Nov 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.
Critical | Unreviewed | CVE-2022-44176 was published Nov 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.
Critical | Unreviewed | CVE-2022-44172 was published Nov 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.
Critical | Unreviewed | CVE-2022-44171 was published Nov 21, 2022

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden...
Critical | Unreviewed | CVE-2021-24649 was published Nov 21, 2022

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output...
Critical | Unreviewed | CVE-2022-3600 was published Nov 21, 2022

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when...
Critical | Unreviewed | CVE-2022-3634 was published Nov 21, 2022

SQL injection in Dolibarr
Critical | CVE-2022-4093 was published for dolibarr/dolibarr (Composer) Nov 21, 2022

Insufficient Session Expiration in librenms/librenms
Critical | CVE-2022-4070 was published for librenms/librenms (Composer) Nov 20, 2022

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Critical | Unreviewed | CVE-2022-44584 was published Nov 19, 2022

Carel Boss Mini 1.5.0 has Improper Access Control.
Critical | Unreviewed | CVE-2022-34827 was published Nov 19, 2022

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be...
Critical | Unreviewed | CVE-2022-45132 was published Nov 19, 2022

Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1...
Critical | Unreviewed | CVE-2022-42698 was published Nov 19, 2022

Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
Critical | Unreviewed | CVE-2022-42497 was published Nov 19, 2022

Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
Critical | Unreviewed | CVE-2022-41155 was published Nov 19, 2022

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
Critical | Unreviewed | CVE-2022-41781 was published Nov 18, 2022

Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Critical | Unreviewed | CVE-2022-41652 was published Nov 18, 2022

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Critical | Unreviewed | CVE-2022-41840 was published Nov 18, 2022

drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.
Critical | Unreviewed | CVE-2022-45474 was published Nov 18, 2022

D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
Critical | Unreviewed | CVE-2022-44204 was published Nov 18, 2022

An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the...
Critical | Unreviewed | CVE-2022-44001 was published Nov 18, 2022

DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers ...
Critical | Unreviewed | CVE-2022-36786 was published Nov 18, 2022

Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get...
Critical | Unreviewed | CVE-2022-36787 was published Nov 18, 2022