Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

267 advisories

Loading
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile,... Critical Unreviewed
CVE-2016-10444 was published May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC,... Critical Unreviewed
CVE-2016-10422 was published May 14, 2022
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote... Critical Unreviewed
CVE-2016-5239 was published May 14, 2022
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted... Critical Unreviewed
CVE-2016-5229 was published May 14, 2022
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote... Critical Unreviewed
CVE-2016-9565 was published May 14, 2022
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not... Critical Unreviewed
CVE-2015-8361 was published May 14, 2022
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS... Critical Unreviewed
CVE-2016-0088 was published May 14, 2022
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to... Critical Unreviewed
CVE-2013-5654 was published May 14, 2022
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When... Critical Unreviewed
CVE-2015-4594 was published May 14, 2022
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x... Critical Unreviewed
CVE-2016-5022 was published May 14, 2022
rdiffweb Improper Access Control vulnerability Critical
CVE-2022-4724 was published for rdiffweb (pip) Dec 27, 2022
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords.... Critical Unreviewed
CVE-2022-2052 was published Oct 17, 2022
The potential exists for exposure of the product's password used to restrict unauthorized access... Critical Unreviewed
CVE-2010-5305 was published May 13, 2022
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote... Critical Unreviewed
CVE-2016-5118 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5556 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101... Critical Unreviewed
CVE-2016-5582 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5568 was published May 13, 2022
Improper Access Control in commons-fileupload Critical
CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary... Critical Unreviewed
CVE-2016-3987 was published May 13, 2022
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers... Critical Unreviewed
CVE-2016-2788 was published May 13, 2022
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ... Critical Unreviewed
CVE-2016-9877 was published May 13, 2022
A vulnerability was found in House Rental System and classified as critical. Affected by this... Critical Unreviewed
CVE-2022-4276 was published Dec 3, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2019-2729 was published May 24, 2022
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows... Critical Unreviewed
CVE-2015-0150 was published May 24, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload Critical
CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022
ProTip! Advisories are also available from the GraphQL API