GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
754 advisories
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might...
Moderate | Unreviewed | CVE-2014-1399 was published May 14, 2022
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow...
Moderate | Unreviewed | CVE-2014-1400 was published May 14, 2022
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might...
Moderate | Unreviewed | CVE-2014-1398 was published May 14, 2022
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for...
Moderate | Unreviewed | CVE-2016-9645 was published May 14, 2022
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access...
Moderate | Unreviewed | CVE-2013-6739 was published May 14, 2022
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session,...
Moderate | Unreviewed | CVE-2015-3155 was published May 14, 2022
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the...
Moderate | Unreviewed | CVE-2016-4963 was published May 14, 2022
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate...
Moderate | Unreviewed | CVE-2015-1376 was published May 14, 2022
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and...
Moderate | Unreviewed | CVE-2015-3152 was published May 14, 2022
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files...
Moderate | Unreviewed | CVE-2016-1492 was published May 14, 2022
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that...
Moderate | Unreviewed | CVE-2016-1782 was published May 14, 2022
Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct...
Moderate | Unreviewed | CVE-2016-1920 was published May 14, 2022
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers...
Moderate | Unreviewed | CVE-2016-3715 was published May 14, 2022
Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and...
Moderate | Unreviewed | CVE-2014-6319 was published May 14, 2022
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof...
Moderate | Unreviewed | CVE-2015-1631 was published May 14, 2022
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an...
Moderate | Unreviewed | CVE-2015-1761 was published May 14, 2022
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP...
Moderate | Unreviewed | CVE-2016-3245 was published May 14, 2022
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web...
Moderate | Unreviewed | CVE-2016-3244 was published May 14, 2022
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,...
Moderate | Unreviewed | CVE-2016-3299 was published May 14, 2022
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents,...
Moderate | Unreviewed | CVE-2016-3392 was published May 14, 2022
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not...
Moderate | Unreviewed | CVE-2016-7226 was published May 14, 2022
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not...
Moderate | Unreviewed | CVE-2016-7225 was published May 14, 2022
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8...
Moderate | Unreviewed | CVE-2016-7224 was published May 14, 2022
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8...
Moderate | Unreviewed | CVE-2016-7223 was published May 14, 2022
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server...
Moderate | Unreviewed | CVE-2016-7237 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.