GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
22,389 advisories
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
Critical | Unreviewed | CVE-2017-17976 was published May 14, 2022

SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
Critical | Unreviewed | CVE-2018-5988 was published May 14, 2022

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote...
Critical | Unreviewed | CVE-2017-1204 was published May 14, 2022

SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=...
Critical | Unreviewed | CVE-2018-5977 was published May 14, 2022

SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
Critical | Unreviewed | CVE-2018-5978 was published May 14, 2022

Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute...
Critical | Unreviewed | CVE-2017-18047 was published May 14, 2022

SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login...
Critical | Unreviewed | CVE-2018-5985 was published May 14, 2022

SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the...
Critical | Unreviewed | CVE-2018-5984 was published May 14, 2022

SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat...
Critical | Unreviewed | CVE-2018-5972 was published May 14, 2022

SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or ...
Critical | Unreviewed | CVE-2018-6365 was published May 14, 2022

An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted...
Critical | Unreviewed | CVE-2018-5997 was published May 14, 2022

Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track...
Critical | Unreviewed | CVE-2018-6308 was published May 14, 2022

SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php...
Critical | Unreviewed | CVE-2018-5973 was published May 14, 2022

A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14,...
Critical | Unreviewed | CVE-2017-13696 was published May 14, 2022

In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege...
Critical | Unreviewed | CVE-2018-6476 was published May 14, 2022

SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to...
Critical | Unreviewed | CVE-2017-17999 was published May 14, 2022

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL...
Critical | Unreviewed | CVE-2018-5778 was published May 14, 2022

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data...
Critical | Unreviewed | CVE-2018-5704 was published May 14, 2022

SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug...
Critical | Unreviewed | CVE-2018-6576 was published May 14, 2022

SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list...
Critical | Unreviewed | CVE-2018-6364 was published May 14, 2022

Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified...
Critical | Unreviewed | CVE-2018-0506 was published May 14, 2022

SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im...
Critical | Unreviewed | CVE-2018-6367 was published May 14, 2022

SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter...
Critical | Unreviewed | CVE-2018-6578 was published May 14, 2022

A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4...
Critical | Unreviewed | CVE-2018-6537 was published May 14, 2022

SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products...
Critical | Unreviewed | CVE-2018-6579 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.