Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,614
NuGet
638
pip
3,225
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles... High Unreviewed
CVE-2020-12278 was published May 24, 2022
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't... Critical Unreviewed
CVE-2020-10574 was published May 24, 2022
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote... Moderate Unreviewed
CVE-2019-12837 was published May 24, 2022
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This... High Unreviewed
CVE-2019-17575 was published May 24, 2022
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a... Moderate Unreviewed
CVE-2019-0220 was published May 24, 2022
EnvoyProxy Envoy Missing HTTP URL path normalization Critical
CVE-2019-9901 was published for github.com/envoyproxy/envoy (Go) May 24, 2022
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company... Moderate Unreviewed
CVE-2022-29448 was published May 21, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29445 was published May 19, 2022
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0... Moderate Unreviewed
CVE-2018-6112 was published May 13, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code... High Unreviewed
CVE-2019-9616 was published May 13, 2022
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic... Moderate Unreviewed
CVE-2019-0816 was published May 13, 2022
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly... High Unreviewed
CVE-2019-0571 was published May 13, 2022
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection ... Moderate Unreviewed
CVE-2018-0237 was published May 13, 2022
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by... Critical Unreviewed
CVE-2019-8908 was published May 13, 2022
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code... Critical Unreviewed
CVE-2019-7731 was published May 13, 2022
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and... High Unreviewed
CVE-2018-12020 was published May 13, 2022
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to... Moderate Unreviewed
CVE-2022-0855 was published Mar 5, 2022
Istio Fragments in Path May Lead to Authorization Policy Bypass High
CVE-2021-39156 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu
Unaligned references in Obstack High
CVE-2020-35894 was published for obstack (Rust) Aug 25, 2021
opencontainers runc contains procfs race condition with a shared volume mount Moderate
CVE-2019-19921 was published for github.com/opencontainers/runc (Go) May 27, 2021
Information Disclosure in Apache Tomcat Moderate
CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2021
sunSUNQ
ProTip! Advisories are also available from the GraphQL API