GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,235 advisories
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec...
High
Unreviewed
CVE-2016-7032
was published
May 13, 2022
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative...
High
Unreviewed
CVE-2015-8284
was published
May 17, 2022
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
High
Unreviewed
CVE-2015-4624
was published
May 14, 2022
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote...
High
Unreviewed
CVE-2015-7265
was published
May 14, 2022
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct...
High
Unreviewed
CVE-2015-7263
was published
May 14, 2022
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary...
High
Unreviewed
CVE-2016-9956
was published
May 13, 2022
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a...
High
Unreviewed
CVE-2016-10026
was published
May 17, 2022
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files...
High
Unreviewed
CVE-2016-6255
was published
May 17, 2022
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101...
High
Unreviewed
CVE-2015-6023
was published
May 14, 2022
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass...
High
Unreviewed
CVE-2016-1894
was published
May 17, 2022
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge...
High
Unreviewed
CVE-2015-8973
was published
May 17, 2022
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox...
High
Unreviewed
CVE-2016-7545
was published
May 14, 2022
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows...
High
Unreviewed
CVE-2016-9415
was published
May 17, 2022
Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt...
High
Unreviewed
CVE-2025-25950
was published
Mar 3, 2025
VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint...
High
Unreviewed
CVE-2021-38417
was published
Jul 28, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated...
High
Unreviewed
CVE-2022-1066
was published
Oct 21, 2022
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management...
High
Unreviewed
CVE-2025-30707
was published
Apr 15, 2025
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The...
High
Unreviewed
CVE-2025-30690
was published
Apr 15, 2025
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
High
Unreviewed
CVE-2025-21587
was published
Apr 15, 2025
Summary
Microsoft was notified that an elevation of privilege vulnerability exists in Windows...
High
Unreviewed
CVE-2024-38202
was published
Aug 8, 2024
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). ...
High
Unreviewed
CVE-2025-30728
was published
Apr 15, 2025
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are...
High
Unreviewed
CVE-2025-30736
was published
Apr 15, 2025
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle...
High
Unreviewed
CVE-2025-30735
was published
Apr 15, 2025
In Grafana Enterprise Metrics (GEM) before 1.7.1 and 2.x before 2.3.1, after creating an Access...
High
Unreviewed
CVE-2022-44643
was published
Dec 20, 2022
yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions
High
CVE-2014-6289
was published
for
dl/yag
(Composer)
May 17, 2022