Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,664 advisories

Loading
elog 3.1.1 allows remote attackers to post data as any username in the logbook. High Unreviewed
CVE-2016-6342 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to... Moderate Unreviewed
CVE-2015-4902 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and... Critical Unreviewed
CVE-2016-3427 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101... Critical Unreviewed
CVE-2016-5582 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5568 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5556 was published May 13, 2022
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec... High Unreviewed
CVE-2016-7032 was published May 13, 2022
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325... High Unreviewed
CVE-2019-1653 was published May 13, 2022
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and... Moderate Unreviewed
CVE-2019-6538 was published May 13, 2022
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by... Moderate Unreviewed
CVE-2018-16838 was published May 13, 2022
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16... Moderate Unreviewed
CVE-2016-2167 was published May 13, 2022
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary... High Unreviewed
CVE-2016-9956 was published May 13, 2022
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to... Moderate Unreviewed
CVE-2016-3020 was published May 13, 2022
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. Moderate Unreviewed
CVE-2016-8643 was published May 13, 2022
It was found that system umask policy is not being honored when creating XDG user directories,... High Unreviewed
CVE-2017-15131 was published May 13, 2022
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files... High Unreviewed
CVE-2015-3306 was published May 13, 2022
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not... High Unreviewed
CVE-2016-4979 was published May 13, 2022
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not... High Unreviewed
CVE-2016-5387 was published May 13, 2022
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the... High Unreviewed
CVE-2016-9599 was published May 13, 2022
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016... Moderate Unreviewed
CVE-2016-3366 was published May 13, 2022
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary... Critical Unreviewed
CVE-2016-3987 was published May 13, 2022
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers... Critical Unreviewed
CVE-2016-2788 was published May 13, 2022
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ... Critical Unreviewed
CVE-2016-9877 was published May 13, 2022
A privilege escalation vulnerability exists in the router configuration import functionality of... High Unreviewed
CVE-2022-21182 was published May 13, 2022
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute... High Unreviewed
CVE-2013-0422 was published May 5, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database