GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,817 advisories
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows...
Critical | Unreviewed | CVE-2015-9245 was published May 17, 2022
The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a...
High | Unreviewed | CVE-2016-5341 was published May 17, 2022
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to...
Moderate | Unreviewed | CVE-2012-1327 was published May 17, 2022
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for...
Moderate | Unreviewed | CVE-2016-6338 was published May 17, 2022
The Weintek cMT product line is vulnerable to various improper access controls, which may allow...
Critical | Unreviewed | CVE-2021-27444 was published May 17, 2022
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1...
Moderate | Unreviewed | CVE-2015-8845 was published May 14, 2022
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read,...
Moderate | Unreviewed | CVE-2016-2100 was published May 14, 2022
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world...
Moderate | Unreviewed | CVE-2016-3107 was published May 14, 2022
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer...
High | Unreviewed | CVE-2016-3112 was published May 14, 2022
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman...
High | Unreviewed | CVE-2016-3728 was published May 14, 2022
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection...
Moderate | Unreviewed | CVE-2016-5176 was published May 14, 2022
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access...
High | Unreviewed | CVE-2016-5173 was published May 14, 2022
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android...
Moderate | Unreviewed | CVE-2016-5189 was published May 14, 2022
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in...
Moderate | Unreviewed | CVE-2016-5192 was published May 14, 2022
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883...
High | Unreviewed | CVE-2016-5206 was published May 14, 2022
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0...
Moderate | Unreviewed | CVE-2016-5217 was published May 14, 2022
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox...
High | Unreviewed | CVE-2016-7545 was published May 14, 2022
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM...
Moderate | Unreviewed | CVE-2016-8630 was published May 14, 2022
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local...
Moderate | Unreviewed | CVE-2016-8645 was published May 14, 2022
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local...
High | Unreviewed | CVE-2016-8399 was published May 14, 2022
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE...
High | Unreviewed | CVE-2011-3544 was published May 14, 2022
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special...
High | Unreviewed | CVE-2015-8008 was published May 14, 2022
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger...
High | Unreviewed | CVE-2015-3888 was published May 14, 2022
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1...
Moderate | Unreviewed | CVE-2016-0342 was published May 14, 2022
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service ...
Critical | Unreviewed | CVE-2016-6598 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.