GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
280 advisories
Filter by severity
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Critical
CVE-2016-4800
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical....
Critical
Unreviewed
CVE-2015-10057
was published
Jan 16, 2023
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by...
Critical
Unreviewed
CVE-2018-7364
was published
May 13, 2022
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a...
Critical
Unreviewed
CVE-2022-0541
was published
Apr 26, 2022
The Weintek cMT product line is vulnerable to various improper access controls, which may allow...
Critical
Unreviewed
CVE-2021-27444
was published
May 17, 2022
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and...
Critical
Unreviewed
CVE-2022-25932
was published
Nov 9, 2022
There is a flaw in the code used to configure the internal gateway firewall when the gateway's...
Critical
Unreviewed
CVE-2020-12030
was published
May 24, 2022
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress...
Critical
Unreviewed
CVE-2021-24215
was published
May 24, 2022
This vulnerability allows remote attackers to execute escalate privileges on affected...
Critical
Unreviewed
CVE-2021-27258
was published
May 24, 2022
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875...
Critical
Unreviewed
CVE-2016-4694
was published
May 17, 2022
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files...
Critical
Unreviewed
CVE-2016-8565
was published
May 17, 2022
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006...
Critical
Unreviewed
CVE-2016-6958
was published
May 17, 2022
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle...
Critical
Unreviewed
CVE-2016-5605
was published
May 17, 2022
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743...
Critical
Unreviewed
CVE-2016-5144
was published
May 17, 2022
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote...
Critical
Unreviewed
CVE-2016-8418
was published
May 17, 2022
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an...
Critical
Unreviewed
CVE-2022-2103
was published
Jun 25, 2022
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites...
Critical
Unreviewed
CVE-2015-2692
was published
May 17, 2022
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors...
Critical
Unreviewed
CVE-2016-6143
was published
May 17, 2022
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload...
Critical
Unreviewed
CVE-2016-8938
was published
May 17, 2022
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm...
Critical
Unreviewed
CVE-2014-8362
was published
May 17, 2022
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2016-8606
was published
May 17, 2022
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX...
Critical
Unreviewed
CVE-2016-5815
was published
May 17, 2022
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values,...
Critical
Unreviewed
CVE-2016-8584
was published
May 17, 2022
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a...
Critical
Unreviewed
CVE-2016-7794
was published
May 17, 2022
Cougar-LG stores sensitive information under the web root with insufficient access control, which...
Critical
Unreviewed
CVE-2014-3928
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API