Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

357 advisories

Loading
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote... Critical Unreviewed
CVE-2016-9565 was published May 14, 2022
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS... Critical Unreviewed
CVE-2016-0088 was published May 14, 2022
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to... Critical Unreviewed
CVE-2013-5654 was published May 14, 2022
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When... Critical Unreviewed
CVE-2015-4594 was published May 14, 2022
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x... Critical Unreviewed
CVE-2016-5022 was published May 14, 2022
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts... Critical Unreviewed
CVE-2022-22282 was published May 14, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed
CVE-2017-9855 was published May 13, 2022
An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL... Critical Unreviewed
CVE-2017-7928 was published May 13, 2022
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by... Critical Unreviewed
CVE-2018-7364 was published May 13, 2022
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote... Critical Unreviewed
CVE-2016-5118 was published May 13, 2022
The potential exists for exposure of the product's password used to restrict unauthorized access... Critical Unreviewed
CVE-2010-5305 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and... Critical Unreviewed
CVE-2016-3427 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101... Critical Unreviewed
CVE-2016-5582 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5568 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5556 was published May 13, 2022
Apache Tomcat Improper Access Control vulnerability Critical
CVE-2016-8735 was published for org.apache.tomcat:tomcat-catalina (Maven) May 13, 2022
sunSUNQ westonsteimel
liususan091219
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary... Critical Unreviewed
CVE-2016-3987 was published May 13, 2022
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers... Critical Unreviewed
CVE-2016-2788 was published May 13, 2022
Improper Access Control in SLF4J Critical
CVE-2018-8088 was published for org.slf4j:slf4j-ext (Maven) May 13, 2022
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ... Critical Unreviewed
CVE-2016-9877 was published May 13, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... Critical Unreviewed
CVE-2022-20777 was published May 5, 2022
Roundup xml-rpc server improper check of property permissions Critical
CVE-2008-1475 was published for roundup (pip) May 1, 2022
anonymous4ACL24
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a... Critical Unreviewed
CVE-2022-0541 was published Apr 26, 2022
The public API error causes for the attacker to be able to bypass API access control. Critical Unreviewed
CVE-2022-23730 was published Mar 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database