GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,477

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

247 advisories

Filter by severity

Sort by

Least recently updated

The public API error causes for the attacker to be able to bypass API access control. Critical Unreviewed

CVE-2022-23730 was published Mar 12, 2022

The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a... Critical Unreviewed

CVE-2022-0541 was published Apr 26, 2022

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... Critical Unreviewed

CVE-2022-20777 was published May 5, 2022

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ... Critical Unreviewed

CVE-2016-9877 was published May 13, 2022

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers... Critical Unreviewed

CVE-2016-2788 was published May 13, 2022

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary... Critical Unreviewed

CVE-2016-3987 was published May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed

CVE-2016-5556 was published May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed

CVE-2016-5568 was published May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101... Critical Unreviewed

CVE-2016-5582 was published May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and... Critical Unreviewed

CVE-2016-3427 was published May 13, 2022

The potential exists for exposure of the product's password used to restrict unauthorized access... Critical Unreviewed

CVE-2010-5305 was published May 13, 2022

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote... Critical Unreviewed

CVE-2016-5118 was published May 13, 2022

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by... Critical Unreviewed

CVE-2018-7364 was published May 13, 2022

** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed

CVE-2017-9855 was published May 13, 2022

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts... Critical Unreviewed

CVE-2022-22282 was published May 14, 2022

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x... Critical Unreviewed

CVE-2016-5022 was published May 14, 2022

eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When... Critical Unreviewed

CVE-2015-4594 was published May 14, 2022

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to... Critical Unreviewed

CVE-2013-5654 was published May 14, 2022

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS... Critical Unreviewed

CVE-2016-0088 was published May 14, 2022

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote... Critical Unreviewed

CVE-2016-9565 was published May 14, 2022

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted... Critical Unreviewed

CVE-2016-5229 was published May 14, 2022

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not... Critical Unreviewed

CVE-2015-8361 was published May 14, 2022

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote... Critical Unreviewed

CVE-2016-5239 was published May 14, 2022

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by... Critical Unreviewed

CVE-2014-2048 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile,... Critical Unreviewed

CVE-2014-10053 was published May 14, 2022

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

247 advisories