GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
937 advisories
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a...
High | Unreviewed | CVE-2016-9016 was published May 17, 2022

An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the...
High | Unreviewed | CVE-2016-10370 was published May 17, 2022

In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection...
High | Unreviewed | CVE-2014-9961 was published May 17, 2022

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to...
High | Unreviewed | CVE-2016-4383 was published May 17, 2022

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and...
High | Unreviewed | CVE-2015-0104 was published May 17, 2022

An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements...
High | Unreviewed | CVE-2016-5801 was published May 17, 2022

I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass...
High | Unreviewed | CVE-2016-7807 was published May 17, 2022

Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers...
High | Unreviewed | CVE-2016-7824 was published May 17, 2022

Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an...
High | Unreviewed | CVE-2016-7833 was published May 17, 2022

In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an...
High | Unreviewed | CVE-2015-9006 was published May 17, 2022

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.
High | Unreviewed | CVE-2016-5058 was published May 17, 2022

If shared content protection memory were passed as the secure camera memory buffer by the HLOS to...
High | Unreviewed | CVE-2016-10237 was published May 17, 2022

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT...
High | Unreviewed | CVE-2016-8791 was published May 17, 2022

Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack...
High | Unreviewed | CVE-2016-8274 was published May 17, 2022

The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA...
High | Unreviewed | CVE-2015-8679 was published May 17, 2022

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows...
High | Unreviewed | CVE-2016-8588 was published May 17, 2022

Flarum post mentions can be used to read any post on the forum without access control
High | CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023

LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.
High | Unreviewed | CVE-2016-4850 was published May 17, 2022

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access...
High | Unreviewed | CVE-2016-6337 was published May 17, 2022

Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box)...
High | Unreviewed | CVE-2016-10042 was published May 17, 2022

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350...
High | Unreviewed | CVE-2016-8236 was published May 17, 2022

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security...
High | Unreviewed | CVE-2016-6098 was published May 17, 2022

FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.
High | Unreviewed | CVE-2016-5414 was published May 17, 2022

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via...
High | Unreviewed | CVE-2016-7408 was published May 17, 2022

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is...
High | Unreviewed | CVE-2016-9920 was published May 17, 2022