Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

428 advisories

Loading
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly... Moderate Unreviewed
CVE-2016-2178 was published May 13, 2022
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to... Moderate Unreviewed
CVE-2019-1559 was published May 13, 2022
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and... Moderate Unreviewed
CVE-2017-5107 was published May 13, 2022
Observable Discrepancy in Apache Tomcat Moderate
CVE-2016-0762 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to... Moderate Unreviewed
CVE-2021-33149 was published May 13, 2022
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The... Moderate Unreviewed
CVE-2021-33845 was published May 7, 2022
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet... Moderate Unreviewed
CVE-2005-0918 was published May 1, 2022
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root... Moderate Unreviewed
CVE-2002-2094 was published Apr 30, 2022
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is... Moderate Unreviewed
CVE-2002-0515 was published Apr 30, 2022
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows... Moderate Unreviewed
CVE-2002-0514 was published Apr 30, 2022
PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in... Moderate Unreviewed
CVE-2002-0208 was published Apr 30, 2022
AmTote International homebet program returns different error messages when invalid account... Moderate Unreviewed
CVE-2001-1528 was published Apr 30, 2022
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine... Moderate Unreviewed
CVE-2001-1483 was published Apr 30, 2022
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client... Moderate Unreviewed
CVE-2000-1117 was published Apr 30, 2022
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which... Moderate Unreviewed
CVE-2004-2252 was published Apr 29, 2022
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and... Moderate Unreviewed
CVE-2004-2150 was published Apr 29, 2022
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given... Moderate Unreviewed
CVE-2004-1602 was published Apr 29, 2022
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of... Moderate Unreviewed
CVE-2004-1428 was published Apr 29, 2022
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the... Moderate Unreviewed
CVE-2004-0778 was published Apr 29, 2022
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it... Moderate Unreviewed
CVE-2004-0294 was published Apr 29, 2022
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if... Moderate Unreviewed
CVE-2004-0243 was published Apr 29, 2022
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a... Moderate Unreviewed
CVE-2003-0637 was published Apr 29, 2022
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an... Moderate Unreviewed
CVE-2003-0190 was published Apr 29, 2022
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local... Moderate Unreviewed
CVE-2022-1318 was published Apr 21, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due... Moderate Unreviewed
CVE-2022-22356 was published Apr 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database