Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

263,321 advisories

Loading
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1... Low Unreviewed
CVE-2022-28794 was published Jun 8, 2022
A vulnerability classified as critical has been found in Demokratian. This affects an unknown... Critical Unreviewed
CVE-2020-36542 was published Jun 8, 2022
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30711 was published Jun 8, 2022
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2... Low Unreviewed
CVE-2022-30742 was published Jun 8, 2022
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers... Moderate Unreviewed
CVE-2022-30747 was published Jun 8, 2022
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30710 was published Jun 8, 2022
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1... Moderate Unreviewed
CVE-2022-30709 was published Jun 8, 2022
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0.... Moderate Unreviewed
CVE-2022-1991 was published Jun 8, 2022
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30713 was published Jun 8, 2022
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers... Moderate Unreviewed
CVE-2022-30724 was published Jun 8, 2022
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers... Moderate Unreviewed
CVE-2022-30725 was published Jun 8, 2022
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. Moderate Unreviewed
CVE-2022-31495 was published Jun 8, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS... High Unreviewed
CVE-2022-26741 was published May 27, 2022
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings... Moderate Unreviewed
CVE-2022-1645 was published May 31, 2022
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter... Critical Unreviewed
CVE-2022-1556 was published May 31, 2022
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could... High Unreviewed
CVE-2022-30687 was published May 28, 2022
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2022-1527 was published May 31, 2022
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its... Moderate Unreviewed
CVE-2022-1644 was published May 31, 2022
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings,... Moderate Unreviewed
CVE-2022-1294 was published May 31, 2022
Virtua Cobranca before 12R allows SQL Injection on the login page. High Unreviewed
CVE-2021-37589 was published Jun 8, 2022
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which... Moderate Unreviewed
CVE-2022-1568 was published May 31, 2022
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well... Moderate Unreviewed
CVE-2022-0376 was published May 31, 2022
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. Moderate Unreviewed
CVE-2017-12645 was published May 17, 2022
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related... Critical Unreviewed
CVE-2017-11715 was published May 17, 2022
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the... Moderate Unreviewed
CVE-2017-11629 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database