GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 21
Go: 2,003
Maven: 5,000+
npm: 3,714
NuGet: 661
pip: 3,387
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
15 advisories
An attacker with the ability to modify a user program may change user program code on some...
Critical | Unreviewed | CVE-2022-1161 was published Apr 12, 2022
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated...
Critical | Unreviewed | CVE-2022-24119 was published Dec 26, 2022
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in...
Critical | Unreviewed | CVE-2020-4561 was published May 24, 2022
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of...
Critical | Unreviewed | CVE-2021-21804 was published May 24, 2022
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and...
Critical | Unreviewed | CVE-2020-16152 was published May 24, 2022
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console...
Critical | Unreviewed | CVE-2018-17246 was published May 13, 2022
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and...
Critical | Unreviewed | CVE-2017-1376 was published May 13, 2022
The cache directory on the local file system is set to be world writable. Firefox defaults to...
Critical | Unreviewed | CVE-2017-5397 was published May 13, 2022
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated...
Critical | Unreviewed | CVE-2018-15486 was published May 13, 2022
paranoid2 gem Code backdoor
Critical | CVE-2019-13589 was published for paranoid2 (RubyGems) Jul 16, 2019
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation...
Critical | Unreviewed | CVE-2023-45798 was published Oct 30, 2023
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical | Unreviewed | CVE-2023-4488 was published Oct 20, 2023
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2024-35629 was published Jun 4, 2024
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information...
Critical | Unreviewed | CVE-2024-38476 was published Jul 1, 2024
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an...
Critical | Unreviewed | CVE-2024-9537 was published Oct 18, 2024
ProTip! Advisories are also available from the GraphQL API.