Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

937 advisories

Loading
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a... High Unreviewed
CVE-2016-9016 was published May 17, 2022
An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the... High Unreviewed
CVE-2016-10370 was published May 17, 2022
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection... High Unreviewed
CVE-2014-9961 was published May 17, 2022
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to... High Unreviewed
CVE-2016-4383 was published May 17, 2022
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and... High Unreviewed
CVE-2015-0104 was published May 17, 2022
An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements... High Unreviewed
CVE-2016-5801 was published May 17, 2022
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass... High Unreviewed
CVE-2016-7807 was published May 17, 2022
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers... High Unreviewed
CVE-2016-7824 was published May 17, 2022
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an... High Unreviewed
CVE-2016-7833 was published May 17, 2022
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an... High Unreviewed
CVE-2015-9006 was published May 17, 2022
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. High Unreviewed
CVE-2016-5058 was published May 17, 2022
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to... High Unreviewed
CVE-2016-10237 was published May 17, 2022
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT... High Unreviewed
CVE-2016-8791 was published May 17, 2022
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack... High Unreviewed
CVE-2016-8274 was published May 17, 2022
The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA... High Unreviewed
CVE-2015-8679 was published May 17, 2022
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows... High Unreviewed
CVE-2016-8588 was published May 17, 2022
Flarum post mentions can be used to read any post on the forum without access control High
CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023
clarkwinkelmann
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. High Unreviewed
CVE-2016-4850 was published May 17, 2022
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access... High Unreviewed
CVE-2016-6337 was published May 17, 2022
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box)... High Unreviewed
CVE-2016-10042 was published May 17, 2022
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350... High Unreviewed
CVE-2016-8236 was published May 17, 2022
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security... High Unreviewed
CVE-2016-6098 was published May 17, 2022
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. High Unreviewed
CVE-2016-5414 was published May 17, 2022
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via... High Unreviewed
CVE-2016-7408 was published May 17, 2022
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is... High Unreviewed
CVE-2016-9920 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API