GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,555 advisories
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could...
Moderate | Unreviewed | CVE-2020-11647 was published May 24, 2022

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2020-11770 was published May 24, 2022

A security feature bypass vulnerability exists when Windows fails to properly handle token...
Moderate | Unreviewed | CVE-2020-0981 was published May 24, 2022

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ...
Moderate | Unreviewed | CVE-2020-1022 was published May 24, 2022

Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
High | Unreviewed | CVE-2021-27971 was published Feb 1, 2022

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous...
High | Unreviewed | CVE-2020-7947 was published May 24, 2022

An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina...
Moderate | Unreviewed | CVE-2020-3884 was published May 24, 2022

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability...
High | Unreviewed | CVE-2020-9347 was published May 24, 2022

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via...
High | Unreviewed | CVE-2020-5558 was published May 24, 2022

GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially...
Moderate | Unreviewed | CVE-2020-10075 was published May 24, 2022

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (...
High | Unreviewed | CVE-2020-7475 was published May 24, 2022

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
Moderate | Unreviewed | CVE-2020-9466 was published May 24, 2022

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi...
Moderate | Unreviewed | CVE-2020-10460 was published May 24, 2022

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n...
Moderate | Unreviewed | CVE-2020-6581 was published May 24, 2022

An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to...
Moderate | Unreviewed | CVE-2019-19614 was published May 24, 2022

Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability....
High | Unreviewed | CVE-2020-3760 was published May 24, 2022

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields...
Moderate | Unreviewed | CVE-2020-9372 was published May 24, 2022

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash....
Moderate | Unreviewed | CVE-2020-9428 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2020-4211 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2020-4212 was published May 24, 2022

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify...
High | Unreviewed | CVE-2020-3924 was published May 24, 2022

LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Moderate | Unreviewed | CVE-2020-9017 was published May 24, 2022

SuiteCRM through 7.11.11 allows PHAR Deserialization.
Moderate | Unreviewed | CVE-2020-8801 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2020-4222 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2020-4213 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.