GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,293
Erlang: 31
GitHub Actions: 21
Go: 2,061
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,423
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
24,090 advisories
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in...
Critical | Unreviewed | CVE-2020-21119 was published Feb 16, 2023
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit...
Critical | Unreviewed | CVE-2021-33925 was published Feb 16, 2023
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter...
Critical | Unreviewed | CVE-2022-4445 was published Feb 13, 2023
SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers...
Critical | Unreviewed | CVE-2020-21120 was published Feb 16, 2023
In Config Manager, there is a possible command injection due to improper input validation. This...
Critical | Unreviewed | CVE-2021-31574 was published Feb 7, 2023
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been...
Critical | Unreviewed | CVE-2023-0707 was published Feb 7, 2023
In Boa, there is a possible escalation of privilege due to a missing permission check. This could...
Critical | Unreviewed | CVE-2021-31577 was published Feb 7, 2023
In Config Manager, there is a possible command injection due to improper input validation. This...
Critical | Unreviewed | CVE-2021-31575 was published Feb 7, 2023
In Config Manager, there is a possible command injection due to improper input validation. This...
Critical | Unreviewed | CVE-2021-31573 was published Feb 7, 2023
Because the web management interface for Unified Intents' Unified Remote solution does not itself...
Critical | Unreviewed | CVE-2022-3229 was published Feb 7, 2023
In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could...
Critical | Unreviewed | CVE-2021-31578 was published Feb 7, 2023
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2023-24576 was published Feb 3, 2023
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly...
Critical | Unreviewed | CVE-2019-9010 was published May 24, 2022
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating...
Critical | Unreviewed | CVE-2023-23076 was published Feb 1, 2023
Sequelize vulnerable to SQL Injection via replacements
Critical | CVE-2023-25813 was published for sequelize (npm) Feb 22, 2023
GeoTools OGC Filter SQL Injection Vulnerabilities
Critical | CVE-2023-25158 was published for org.geotools:gt-jdbc (Maven) Feb 22, 2023
GeoServer OGC Filter SQL Injection Vulnerabilities
Critical | CVE-2023-25157 was published for org.geoserver.community:gs-jdbcconfig (Maven) Feb 22, 2023
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions ...
Critical | Unreviewed | CVE-2023-24482 was published Feb 14, 2023
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2023-24159 was published Feb 14, 2023
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2023-24160 was published Feb 14, 2023
pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow...
Critical | Unreviewed | CVE-2022-48078 was published Feb 6, 2023
In NVS365 V01, the background network test function can trigger command execution.
Critical | Unreviewed | CVE-2022-47071 was published Feb 6, 2023
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
Critical | Unreviewed | CVE-2021-36224 was published Feb 6, 2023
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as...
Critical | Unreviewed | CVE-2023-0686 was published Feb 6, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade...
Critical | Unreviewed | CVE-2021-36226 was published Feb 6, 2023
ProTip! Advisories are also available from the GraphQL API.