Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,817 advisories

Loading
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi... Critical Unreviewed
CVE-2019-12771 was published May 24, 2022
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with... Critical Unreviewed
CVE-2019-12776 was published May 24, 2022
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. Critical Unreviewed
CVE-2019-12599 was published May 24, 2022
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL... Critical Unreviewed
CVE-2019-12601 was published May 24, 2022
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to... Critical Unreviewed
CVE-2019-2097 was published May 24, 2022
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. Critical Unreviewed
CVE-2019-9086 was published May 24, 2022
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. Critical Unreviewed
CVE-2019-9087 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the... Critical Unreviewed
CVE-2018-20354 was published May 24, 2022
An invalid write of 8 bytes due to a use-after-free vulnerability in the... Critical Unreviewed
CVE-2018-20355 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the... Critical Unreviewed
CVE-2018-20353 was published May 24, 2022
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the... Critical Unreviewed
CVE-2019-12780 was published May 24, 2022
An invalid read of 8 bytes due to a use-after-free vulnerability in the... Critical Unreviewed
CVE-2018-20356 was published May 24, 2022
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users'... Critical Unreviewed
CVE-2019-9880 was published May 24, 2022
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with... Critical Unreviewed
CVE-2019-9879 was published May 24, 2022
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection... Critical Unreviewed
CVE-2017-18377 was published May 24, 2022
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell... Critical Unreviewed
CVE-2016-10760 was published May 24, 2022
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary... Critical Unreviewed
CVE-2018-11801 was published May 24, 2022
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary... Critical Unreviewed
CVE-2018-11800 was published May 24, 2022
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow... Critical Unreviewed
CVE-2018-20841 was published May 24, 2022
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir']... Critical Unreviewed
CVE-2017-18378 was published May 24, 2022
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server... Critical Unreviewed
CVE-2019-12146 was published May 24, 2022
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1.... Critical Unreviewed
CVE-2019-12144 was published May 24, 2022
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF,... Critical Unreviewed
CVE-2019-12153 was published May 24, 2022
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to... Critical Unreviewed
CVE-2019-12154 was published May 24, 2022
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable... Critical Unreviewed
CVE-2019-12765 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database