GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
267 advisories
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile,...
Critical | Unreviewed | CVE-2016-10444 was published on May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC,...
Critical | Unreviewed | CVE-2016-10422 was published on May 14, 2022

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote...
Critical | Unreviewed | CVE-2016-5239 was published on May 14, 2022

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted...
Critical | Unreviewed | CVE-2016-5229 was published on May 14, 2022

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote...
Critical | Unreviewed | CVE-2016-9565 was published on May 14, 2022

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not...
Critical | Unreviewed | CVE-2015-8361 was published on May 14, 2022

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS...
Critical | Unreviewed | CVE-2016-0088 was published on May 14, 2022

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to...
Critical | Unreviewed | CVE-2013-5654 was published on May 14, 2022

eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When...
Critical | Unreviewed | CVE-2015-4594 was published on May 14, 2022

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x...
Critical | Unreviewed | CVE-2016-5022 was published on May 14, 2022

rdiffweb Improper Access Control vulnerability
Critical | CVE-2022-4724 was published for rdiffweb (pip) on Dec 27, 2022

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords....
Critical | Unreviewed | CVE-2022-2052 was published on Oct 17, 2022

The potential exists for exposure of the product's password used to restrict unauthorized access...
Critical | Unreviewed | CVE-2010-5305 was published on May 13, 2022

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote...
Critical | Unreviewed | CVE-2016-5118 was published on May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical | Unreviewed | CVE-2016-5556 was published on May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101...
Critical | Unreviewed | CVE-2016-5582 was published on May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical | Unreviewed | CVE-2016-5568 was published on May 13, 2022

Improper Access Control in commons-fileupload
Critical | CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven) on Dec 21, 2018

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary...
Critical | Unreviewed | CVE-2016-3987 was published on May 13, 2022

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers...
Critical | Unreviewed | CVE-2016-2788 was published on May 13, 2022

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ...
Critical | Unreviewed | CVE-2016-9877 was published on May 13, 2022

A vulnerability was found in House Rental System and classified as critical. Affected by this...
Critical | Unreviewed | CVE-2022-4276 was published on Dec 3, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2019-2729 was published on May 24, 2022

The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows...
Critical | Unreviewed | CVE-2015-0150 was published on May 24, 2022

easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical | CVE-2022-3771 was published for noumo/easyii (Composer) on Oct 31, 2022

ProTip! Advisories are also available from the GraphQL API.