GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,817 advisories
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1...
Severity: High (Unreviewed). CVE-2014-0881 was published May 14, 2022.

IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access...
Severity: Moderate (Unreviewed). CVE-2013-6739 was published May 14, 2022.

The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1...
Severity: High (Unreviewed). CVE-2013-6272 was published May 14, 2022.

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by...
Severity: Critical (Unreviewed). CVE-2014-2048 was published May 14, 2022.

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote...
Severity: Critical (Unreviewed). CVE-2016-5239 was published May 14, 2022.

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents...
Severity: High (Unreviewed). CVE-2016-9905 was published May 14, 2022.

Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session,...
Severity: Moderate (Unreviewed). CVE-2015-3155 was published May 14, 2022.

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct...
Severity: High (Unreviewed). CVE-2015-7263 was published May 14, 2022.

Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote...
Severity: High (Unreviewed). CVE-2015-7265 was published May 14, 2022.

IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via...
Severity: High (Unreviewed). CVE-2013-2972 was published May 14, 2022.

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the...
Severity: Moderate (Unreviewed). CVE-2016-4963 was published May 14, 2022.

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5,...
Severity: Low (Unreviewed). CVE-2015-1922 was published May 14, 2022.

LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a...
Severity: High (Unreviewed). CVE-2014-8757 was published May 14, 2022.

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate...
Severity: Moderate (Unreviewed). CVE-2015-1376 was published May 14, 2022.

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and...
Severity: Moderate (Unreviewed). CVE-2015-3152 was published May 14, 2022.

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin...
Severity: High (Unreviewed). CVE-2015-3302 was published May 14, 2022.

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
Severity: High (Unreviewed). CVE-2015-4624 was published May 14, 2022.

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101...
Severity: High (Unreviewed). CVE-2015-6023 was published May 14, 2022.

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging...
Severity: High (Unreviewed). CVE-2015-7367 was published May 14, 2022.

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not...
Severity: High (Unreviewed). CVE-2015-7369 was published May 14, 2022.

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not...
Severity: Critical (Unreviewed). CVE-2015-8361 was published May 14, 2022.

IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic...
Severity: High (Unreviewed). CVE-2016-0392 was published May 14, 2022.

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and...
Severity: High (Unreviewed). CVE-2016-1518 was published May 14, 2022.

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files...
Severity: Moderate (Unreviewed). CVE-2016-1492 was published May 14, 2022.

The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6...
Severity: High (Unreviewed). CVE-2016-1543 was published May 14, 2022.