GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,495 advisories
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using...
Critical, Unreviewed, CVE-2022-1950 was published Aug 2, 2022

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the...
Critical, Unreviewed, CVE-2022-2317 was published Aug 2, 2022

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead...
Critical, Unreviewed, CVE-2022-26437 was published Aug 2, 2022

Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
Critical, Unreviewed, CVE-2022-2595 was published Aug 2, 2022

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation,...
Critical, Unreviewed, CVE-2022-31321 was published Aug 2, 2022

EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application...
Critical, Unreviewed, CVE-2022-30083 was published Jul 31, 2022

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug...
Critical, Unreviewed, CVE-2022-1799 was published Jul 30, 2022

A vulnerability, which was classified as critical, has been found in SourceCodester Garage...
Critical, Unreviewed, CVE-2022-2578 was published Jul 30, 2022

IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a...
Critical, Unreviewed, CVE-2022-35643 was published Jul 30, 2022

Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
Critical, Unreviewed, CVE-2022-1277 was published Jul 30, 2022

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL...
Critical, Unreviewed, CVE-2022-22280 was published Jul 30, 2022

Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the...
Critical, Unreviewed, CVE-2022-34496 was published Jul 30, 2022

DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical, Unreviewed, CVE-2022-34531 was published Jul 30, 2022

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi...
Critical, Unreviewed, CVE-2022-22683 was published Jul 29, 2022

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi...
Critical, Unreviewed, CVE-2022-27612 was published Jul 29, 2022

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to...
Critical, Unreviewed, CVE-2022-31627 was published Jul 29, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x...
Critical, Unreviewed, CVE-2022-36986 was published Jul 29, 2022

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote...
Critical, Unreviewed, CVE-2022-2010 was published Jul 29, 2022

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete...
Critical, Unreviewed, CVE-2021-22648 was published Jul 29, 2022

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
Critical, Unreviewed, CVE-2021-22644 was published Jul 29, 2022

An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on...
Critical, Unreviewed, CVE-2021-22650 was published Jul 29, 2022

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted,...
Critical, Unreviewed, CVE-2021-22646 was published Jul 29, 2022

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force...
Critical, Unreviewed, CVE-2021-22640 was published Jul 29, 2022

Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient...
Critical, Unreviewed, CVE-2022-30315 was published Jul 29, 2022

Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF...
Critical, Unreviewed, CVE-2016-4991 was published Jul 29, 2022
ProTip! Advisories are also available from the GraphQL API