GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,414

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

472 advisories

Filter by severity

Sort by

Least recently updated

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite... Critical Unreviewed

CVE-2018-6498 was published May 13, 2022

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite... Critical Unreviewed

CVE-2018-6499 was published May 13, 2022

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to... Critical Unreviewed

CVE-2017-7324 was published May 13, 2022

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to... Critical Unreviewed

CVE-2017-7321 was published May 13, 2022

Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving... Critical Unreviewed

CVE-2018-18249 was published May 13, 2022

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote... Critical Unreviewed

CVE-2017-15376 was published May 13, 2022

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality... Critical Unreviewed

CVE-2017-1000196 was published May 13, 2022

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before... Critical Unreviewed

CVE-2013-6671 was published May 13, 2022

install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a... Critical Unreviewed

CVE-2019-7692 was published May 13, 2022

** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin... Critical Unreviewed

CVE-2018-18319 was published May 13, 2022

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which... Critical Unreviewed

CVE-2018-1207 was published May 13, 2022

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate... Critical Unreviewed

CVE-2018-8540 was published May 13, 2022

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion... Critical Unreviewed

CVE-2019-7609 was published May 13, 2022

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate... Critical Unreviewed

CVE-2017-16783 was published May 13, 2022

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or... Critical Unreviewed

CVE-2014-6287 was published May 13, 2022

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the... Critical Unreviewed

CVE-2017-7402 was published May 13, 2022

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer... Critical Unreviewed

CVE-2018-17207 was published May 13, 2022

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation... Critical Unreviewed

CVE-2018-17036 was published May 13, 2022

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to... Critical Unreviewed

CVE-2019-8341 was published May 13, 2022

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function... Critical Unreviewed

CVE-2022-29307 was published May 13, 2022

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3... Critical Unreviewed

CVE-2013-4211 was published May 5, 2022

Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. Critical Unreviewed

CVE-2013-1666 was published May 5, 2022

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability... Critical Unreviewed

CVE-2022-22954 was published Apr 12, 2022

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload... Critical Unreviewed

CVE-2022-26255 was published Mar 29, 2022

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a... Critical Unreviewed

CVE-2022-26198 was published Mar 28, 2022

Previous 1 2 … 15 16 17 18 19 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

472 advisories