GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,750
Erlang: 35
GitHub Actions: 29
Go: 2,323
Maven: 5,000+
npm: 3,956
NuGet: 712
pip: 3,739
Pub: 12
RubyGems: 921
Rust: 973
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
1,277 advisories
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2...
Moderate
Unreviewed
CVE-2008-4679 was published May 17, 2022
Meridian Cooperative Utility Software versions 22.02 and 22.03 allow remote attackers to obtain...
Moderate
Unreviewed
CVE-2022-29578 was published Jun 25, 2022
Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator...
Moderate
Unreviewed
CVE-2022-43528 was published Jan 5, 2023
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR...
Moderate
Unreviewed
CVE-2021-27668 was published May 24, 2022
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the...
Moderate
Unreviewed
CVE-2017-8006 was published May 17, 2022
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to...
Moderate
Unreviewed
CVE-2008-6569 was published May 17, 2022
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850....
Moderate
Unreviewed
CVE-2020-36528 was published Jun 8, 2022
Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of...
Moderate
Unreviewed
CVE-2017-9475 was published May 17, 2022
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate...
Moderate
Unreviewed
CVE-2008-5082 was published May 17, 2022
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows...
Moderate
Unreviewed
CVE-2008-5296 was published May 17, 2022
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with...
Moderate
Unreviewed
CVE-2008-6707 was published May 17, 2022
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism...
Moderate
Unreviewed
CVE-2022-31461 was published Jun 3, 2022
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to...
Moderate
Unreviewed
CVE-2020-23058 was published May 24, 2022
Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack...
Moderate
Unreviewed
CVE-2008-6128 was published May 17, 2022
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is...
Moderate
Unreviewed
CVE-2022-26971 was published Jun 3, 2022
A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches...
Moderate
Unreviewed
CVE-2021-1591 was published May 24, 2022
OpenVPN Access Server 2.8.7 and earlier versions allows remote attackers to bypass...
Moderate
Unreviewed
CVE-2020-15077 was published May 24, 2022
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web...
Moderate
Unreviewed
CVE-2008-6455 was published May 17, 2022
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to...
Moderate
Unreviewed
CVE-2021-20372 was published May 24, 2022
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows...
Moderate
Unreviewed
CVE-2021-20759 was published May 24, 2022
The function that is used to parse the Authentication header in Brocade Fabric OS Web application...
Moderate
Unreviewed
CVE-2021-27791 was published May 24, 2022
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a...
Moderate
Unreviewed
CVE-2008-7008 was published May 17, 2022
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack...
Moderate
Unreviewed
CVE-2008-6131 was published May 17, 2022
Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows...
Moderate
Unreviewed
CVE-2010-1596 was published May 17, 2022
An attacker with physical access to the victim's device can bypass the application's password/pin...
Moderate
Unreviewed
CVE-2022-1716 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API.