GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,389 advisories
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to...
Critical | Unreviewed | CVE-2017-14143 was published May 14, 2022
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id...
Critical | Unreviewed | CVE-2018-5315 was published May 14, 2022
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with...
Critical | Unreviewed | CVE-2018-5211 was published May 14, 2022
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass...
Critical | Unreviewed | CVE-2017-15883 was published May 14, 2022
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web...
Critical | Unreviewed | CVE-2017-16887 was published May 14, 2022
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not...
Critical | Unreviewed | CVE-2017-16716 was published May 14, 2022
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status...
Critical | Unreviewed | CVE-2018-5696 was published May 14, 2022
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary...
Critical | Unreviewed | CVE-2017-17970 was published May 14, 2022
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute...
Critical | Unreviewed | CVE-2017-7997 was published May 14, 2022
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for...
Critical | Unreviewed | CVE-2014-4972 was published May 14, 2022
SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands.
Critical | Unreviewed | CVE-2017-5971 was published May 14, 2022
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote...
Critical | Unreviewed | CVE-2017-1670 was published May 14, 2022
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and...
Critical | Unreviewed | CVE-2017-16510 was published May 14, 2022
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat...
Critical | Unreviewed | CVE-2016-1051 was published May 14, 2022
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code...
Critical | Unreviewed | CVE-2017-13177 was published May 14, 2022
In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx...
Critical | Unreviewed | CVE-2017-13178 was published May 14, 2022
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
Critical | Unreviewed | CVE-2017-1000231 was published May 14, 2022
In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible...
Critical | Unreviewed | CVE-2017-13179 was published May 14, 2022
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as...
Critical | Unreviewed | CVE-2018-5724 was published May 14, 2022
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
Critical | Unreviewed | CVE-2018-5723 was published May 14, 2022
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22...
Critical | Unreviewed | CVE-2017-16844 was published May 14, 2022
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User...
Critical | Unreviewed | CVE-2018-5979 was published May 14, 2022
A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a...
Critical | Unreviewed | CVE-2017-17946 was published May 14, 2022
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a...
Critical | Unreviewed | CVE-2018-5726 was published May 14, 2022
Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote...
Critical | Unreviewed | CVE-2018-5195 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.