GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,055
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,605
NuGet: 638
pip: 3,208
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
19,859 advisories
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to...
Critical | Unreviewed | CVE-2018-16188 was published May 14, 2022
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded...
Critical | Unreviewed | CVE-2018-19468 was published May 14, 2022
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or...
Critical | Unreviewed | CVE-2018-18801 was published May 14, 2022
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php...
Critical | Unreviewed | CVE-2018-18795 was published May 14, 2022
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be...
Critical | Unreviewed | CVE-2019-0247 was published May 14, 2022
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
Critical | Unreviewed | CVE-2019-5893 was published May 14, 2022
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018...
Critical | Unreviewed | CVE-2018-4169 was published May 14, 2022
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users,...
Critical | Unreviewed | CVE-2015-9277 was published May 14, 2022
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS...
Critical | Unreviewed | CVE-2018-4147 was published May 14, 2022
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article...
Critical | Unreviewed | CVE-2019-6259 was published May 14, 2022
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the...
Critical | Unreviewed | CVE-2018-20318 was published May 14, 2022
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i,...
Critical | Unreviewed | CVE-2018-20768 was published May 14, 2022
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name...
Critical | Unreviewed | CVE-2019-7720 was published May 14, 2022
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/,...
Critical | Unreviewed | CVE-2019-7678 was published May 14, 2022
ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could...
Critical | Unreviewed | CVE-2018-5204 was published May 14, 2022
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible...
Critical | Unreviewed | CVE-2018-5492 was published May 14, 2022
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c...
Critical | Unreviewed | CVE-2017-18174 was published May 14, 2022
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or...
Critical | Unreviewed | CVE-2018-20715 was published May 14, 2022
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my...
Critical | Unreviewed | CVE-2018-20716 was published May 14, 2022
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack...
Critical | Unreviewed | CVE-2019-6443 was published May 14, 2022
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack...
Critical | Unreviewed | CVE-2019-6444 was published May 14, 2022
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php...
Critical | Unreviewed | CVE-2019-3577 was published May 14, 2022
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj]...
Critical | Unreviewed | CVE-2019-8429 was published May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated...
Critical | Unreviewed | CVE-2018-17298 was published May 14, 2022
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in...
Critical | Unreviewed | CVE-2019-6246 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.