Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

131,681 advisories

Loading
etcd has no minimum password length Moderate
CVE-2020-15115 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
OWASP AntiSamy Cross-site Scripting vulnerability Moderate
CVE-2017-14735 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly... Moderate Unreviewed
CVE-2015-1994 was published May 17, 2022
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality,... Moderate Unreviewed
CVE-2014-4284 was published May 17, 2022
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards... Moderate Unreviewed
CVE-2014-6516 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through... Moderate Unreviewed
CVE-2014-3898 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1)... Moderate Unreviewed
CVE-2015-6330 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web... Moderate Unreviewed
CVE-2015-0655 was published May 17, 2022
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices... Moderate Unreviewed
CVE-2015-6343 was published May 17, 2022
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not... Moderate Unreviewed
CVE-2011-2224 was published May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509,... Moderate Unreviewed
CVE-2015-3970 was published May 17, 2022
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1... Moderate Unreviewed
CVE-2014-6553 was published May 17, 2022
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before... Moderate Unreviewed
CVE-2015-7395 was published May 17, 2022
The Echo extension for MediWiki does not properly implement the hideuser functionality, which... Moderate Unreviewed
CVE-2015-8007 was published May 17, 2022
The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL... Moderate Unreviewed
CVE-2015-5655 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension... Moderate Unreviewed
CVE-2015-8006 was published May 17, 2022
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which... Moderate Unreviewed
CVE-2015-7859 was published May 17, 2022
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows... Moderate Unreviewed
CVE-2015-7899 was published May 17, 2022
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x... Moderate Unreviewed
CVE-2015-7904 was published May 17, 2022
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail... Moderate Unreviewed
CVE-2015-8005 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows... Moderate Unreviewed
CVE-2015-5670 was published May 17, 2022
The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products... Moderate Unreviewed
CVE-2014-3307 was published May 17, 2022
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote... Moderate Unreviewed
CVE-2015-6371 was published May 17, 2022
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different... Moderate Unreviewed
CVE-2015-7902 was published May 17, 2022
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the... Moderate Unreviewed
CVE-2015-3996 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database