GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
Insecure Default Configuration in tesseract.js
Moderate
GHSA-83rx-c8cr-6j8q
was published
for
tesseract.js
(npm)
Jun 5, 2019
paranoid2 gem Code backdoor
Critical
CVE-2019-13589
was published
for
paranoid2
(RubyGems)
Jul 16, 2019
Unintended Require in larvitbase-api
High
CVE-2019-5479
was published
for
larvitbase-api
(npm)
Sep 11, 2019
High severity vulnerability that affects generator-jhipster
High
GHSA-mc84-xr9p-938r
was published
for
generator-jhipster
(npm)
Sep 23, 2019
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295
was published
for
october/cms
(Composer)
Jun 3, 2020
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
High
CVE-2020-8128
was published
for
jsreport
(npm)
Apr 13, 2021
Command Injection in @theia/messages
Moderate
CVE-2021-28162
was published
for
@theia/messages
(npm)
May 10, 2021
PHPMailer untrusted code may be run from an overridden address validator
High
CVE-2021-3603
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
Moderate
CVE-2021-26272
was published
for
ckeditor4
(npm)
Oct 13, 2021
Embedded malware in ua-parser-js
High
GHSA-pjwm-rvh2-c87w
was published
for
ua-parser-js
(npm)
Oct 22, 2021
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High
Unreviewed
CVE-2021-42133
was published
Dec 8, 2021
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,...
Moderate
Unreviewed
CVE-2021-29113
was published
Dec 8, 2021
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that...
High
Unreviewed
CVE-2021-41841
was published
Feb 10, 2022
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to...
High
Unreviewed
CVE-2022-24232
was published
Feb 25, 2022
Improper Locking in JetBrains Kotlin
Moderate
CVE-2022-24329
was published
for
org.jetbrains.kotlin:kotlin-stdlib
(Maven)
Feb 26, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts...
High
Unreviewed
CVE-2022-25486
was published
Mar 16, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts...
High
Unreviewed
CVE-2022-25485
was published
Mar 16, 2022
An attacker with the ability to modify a user program may change user program code on some...
Critical
Unreviewed
CVE-2022-1161
was published
Apr 12, 2022
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and ...
High
Unreviewed
CVE-2004-0030
was published
Apr 29, 2022
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2)...
High
Unreviewed
CVE-2004-0285
was published
Apr 29, 2022
ruby193 uses an insecure LD_LIBRARY_PATH setting.
Low
Unreviewed
CVE-2013-1945
was published
May 5, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an...
Moderate
Unreviewed
CVE-2022-29845
was published
May 12, 2022
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a...
High
Unreviewed
CVE-2019-9829
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API