GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
895 advisories

Arbitrary Code Injection in mobile-icon-resizer
Moderate | GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019

Object injection in cookie driver in phpfastcache
Moderate | CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019

XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Moderate | GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x...
Moderate | Unreviewed | CVE-2010-4572 was published May 17, 2022

Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate | CVE-2021-32822 was published for hbs (npm) Sep 2, 2021

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which...
Moderate | Unreviewed | CVE-2021-38745 was published Mar 22, 2022

The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly...
Moderate | Unreviewed | CVE-2010-2809 was published May 17, 2022

NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.
Moderate | Unreviewed | CVE-2021-45655 was published Dec 27, 2021

Improper Control of Generation of Code in Spring Security
Moderate | CVE-2011-2732 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022

Improper Control of Generation of Code in Apache Kafka
Moderate | CVE-2018-1288 was published for org.apache.kafka:kafka (Maven) May 13, 2022

PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when...
Moderate | Unreviewed | CVE-2010-2677 was published May 17, 2022

Improper Control of Generation of Code in HawtJNI
Moderate | CVE-2013-2035 was published for org.fusesource.hawtjni:hawtjni-runtime (Maven) May 17, 2022

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,...
Moderate | Unreviewed | CVE-2021-29113 was published Dec 8, 2021

PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when...
Moderate | Unreviewed | CVE-2010-2618 was published May 17, 2022

PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2,...
Moderate | Unreviewed | CVE-2010-2358 was published May 17, 2022

Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka...
Moderate | Unreviewed | CVE-2010-1546 was published May 17, 2022

PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when...
Moderate | Unreviewed | CVE-2010-1978 was published May 17, 2022

MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel....
Moderate | Unreviewed | CVE-2021-39402 was published May 24, 2022

Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when...
Moderate | Unreviewed | CVE-2010-1944 was published May 17, 2022

The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers...
Moderate | Unreviewed | CVE-2008-6531 was published May 17, 2022

Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors...
Moderate | Unreviewed | CVE-2008-6373 was published May 17, 2022

PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when...
Moderate | Unreviewed | CVE-2010-1528 was published May 17, 2022

PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals...
Moderate | Unreviewed | CVE-2008-7183 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.