GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
754 advisories
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang)...
Moderate | Unreviewed | CVE-2016-7244 was published May 14, 2022

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12...
Moderate | Unreviewed | CVE-2016-5601 was published May 14, 2022

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote...
Moderate | Unreviewed | CVE-2016-5104 was published May 14, 2022

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1)...
Moderate | Unreviewed | CVE-2016-3992 was published May 14, 2022

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a...
Moderate | Unreviewed | CVE-2016-2829 was published May 14, 2022

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify...
Moderate | Unreviewed | CVE-2016-2825 was published May 14, 2022

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the...
Moderate | Unreviewed | CVE-2016-2822 was published May 14, 2022

WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in...
Moderate | Unreviewed | CVE-2016-1699 was published May 14, 2022

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP...
Moderate | Unreviewed | CVE-2016-1694 was published May 14, 2022

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use...
Moderate | Unreviewed | CVE-2016-1693 was published May 14, 2022

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704...
Moderate | Unreviewed | CVE-2016-1692 was published May 14, 2022

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections...
Moderate | Unreviewed | CVE-2015-3148 was published May 14, 2022

IBM Security Directory Server could allow an authenticated user to execute commands into the web...
Moderate | Unreviewed | CVE-2015-1976 was published May 14, 2022

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the...
Moderate | Unreviewed | CVE-2015-2172 was published May 14, 2022

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5...
Moderate | Unreviewed | CVE-2016-5608 was published May 14, 2022

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5...
Moderate | Unreviewed | CVE-2016-5610 was published May 14, 2022

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5...
Moderate | Unreviewed | CVE-2016-5613 was published May 14, 2022

An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5...
Moderate | Unreviewed | CVE-2016-6719 was published May 14, 2022

An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x...
Moderate | Unreviewed | CVE-2016-6715 was published May 14, 2022

A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before...
Moderate | Unreviewed | CVE-2016-6723 was published May 14, 2022

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote...
Moderate | Unreviewed | CVE-2016-8288 was published May 14, 2022

The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage...
Moderate | Unreviewed | CVE-2014-8177 was published May 14, 2022

IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that...
Moderate | Unreviewed | CVE-2016-9722 was published May 14, 2022

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote...
Moderate | Unreviewed | CVE-2016-0611 was published May 14, 2022

Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows...
Moderate | Unreviewed | CVE-2016-3226 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.