GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,224
Erlang: 31
GitHub Actions: 19
Go: 1,990
Maven: 5,000+
npm: 3,706
NuGet: 661
pip: 3,336
Pub: 11
RubyGems: 884
Rust: 845
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
472 advisories
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated...
Critical
Unreviewed
CVE-2021-27446 was published May 17, 2022
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP)...
Critical
Unreviewed
CVE-2016-5713 was published May 14, 2022
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted)...
Critical
Unreviewed
CVE-2017-17098 was published May 14, 2022
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require...
Critical
Unreviewed
CVE-2018-7756 was published May 14, 2022
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown)...
Critical
Unreviewed
CVE-2018-8823 was published May 14, 2022
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object...
Critical
Unreviewed
CVE-2014-2293 was published May 14, 2022
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to...
Critical
Unreviewed
CVE-2018-9175 was published May 14, 2022
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the...
Critical
Unreviewed
CVE-2018-9174 was published May 14, 2022
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows...
Critical
Unreviewed
CVE-2018-9847 was published May 14, 2022
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows...
Critical
Unreviewed
CVE-2018-9848 was published May 14, 2022
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php...
Critical
Unreviewed
CVE-2018-10133 was published May 14, 2022
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in...
Critical
Unreviewed
CVE-2018-10740 was published May 14, 2022
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload...
Critical
Unreviewed
CVE-2018-10574 was published May 14, 2022
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on...
Critical
Unreviewed
CVE-2018-10429 was published May 14, 2022
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before...
Critical
Unreviewed
CVE-2018-8938 was published May 14, 2022
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when...
Critical
Unreviewed
CVE-2018-6512 was published May 14, 2022
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write...
Critical
Unreviewed
CVE-2018-12531 was published May 14, 2022
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below)...
Critical
Unreviewed
CVE-2018-3608 was published May 14, 2022
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical
Unreviewed
CVE-2018-5780 was published May 14, 2022
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical
Unreviewed
CVE-2018-5779 was published May 14, 2022
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and...
Critical
Unreviewed
CVE-2018-5781 was published May 14, 2022
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote...
Critical
Unreviewed
CVE-2014-2302 was published May 14, 2022
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute...
Critical
Unreviewed
CVE-2018-14399 was published May 14, 2022
GolemCMS through 2008-12-24, if the install/ directory remains active after an installation,...
Critical
Unreviewed
CVE-2018-14579 was published May 14, 2022
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and...
Critical
Unreviewed
CVE-2018-16771 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.