GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,277 advisories
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass...
Moderate (Unreviewed). CVE-2013-7093 was published May 14, 2022

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for...
Moderate (Unreviewed). CVE-2013-4958 was published May 14, 2022

strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification,...
Moderate (Unreviewed). CVE-2013-2944 was published May 14, 2022

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7...
Moderate (Unreviewed). CVE-2012-3492 was published May 17, 2022

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11...
Moderate (Unreviewed). CVE-2012-3137 was published May 17, 2022

The administrative interface in the embedded web server on the BreakingPoint Storm appliance...
Moderate (Unreviewed). CVE-2012-2963 was published May 17, 2022

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6,...
Moderate (Unreviewed). CVE-2012-2122 was published May 17, 2022

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not...
Moderate (Unreviewed). CVE-2012-3356 was published May 14, 2022

The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is...
Moderate (Unreviewed). CVE-2011-5053 was published May 17, 2022

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x...
Moderate (Unreviewed). CVE-2011-3667 was published May 17, 2022

Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin...
Moderate (Unreviewed). CVE-2011-0435 was published May 17, 2022

The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply...
Moderate (Unreviewed). CVE-2009-4821 was published May 2, 2022

include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote...
Moderate (Unreviewed). CVE-2010-1097 was published May 2, 2022

The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10...
Moderate (Unreviewed). CVE-2010-1040 was published May 2, 2022

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header...
Moderate (Unreviewed). CVE-2025-22232 was published Apr 10, 2025

TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential
Moderate. CVE-2009-3635 was published for typo3/cms (Composer) May 2, 2022

The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful...
Moderate (Unreviewed). CVE-2022-47974 was published Jan 6, 2023

Moderate severity vulnerability that affects Products.PlonePAS
Moderate. CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018

telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete...
Moderate (Unreviewed). CVE-2009-4089 was published May 2, 2022

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5...
Moderate (Unreviewed). CVE-2009-3862 was published May 2, 2022

wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative...
Moderate (Unreviewed). CVE-2009-2334 was published May 2, 2022

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in...
Moderate (Unreviewed). CVE-2009-1754 was published May 2, 2022

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information...
Moderate (Unreviewed). CVE-2008-6440 was published May 17, 2022

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security...
Moderate (Unreviewed). CVE-2008-3866 was published May 2, 2022

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9...
Moderate (Unreviewed). CVE-2008-3905 was published May 2, 2022