Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

267 advisories

Loading
espeak-ruby allows arbitrary command execution Critical
CVE-2016-10193 was published for espeak-ruby (RubyGems) Oct 24, 2017
tdunlap607
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request Critical
CVE-2016-4800 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
Improper Access Control in commons-fileupload Critical
CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly Critical
CVE-2019-16377 was published for consul (RubyGems) Sep 27, 2019
Improper Access Control in jupyterhub-firstuseauthenticator Critical
CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) Oct 28, 2021
georgejhunt
Incorrect Access Control in Ignition Critical
CVE-2021-43996 was published for facade/ignition (Composer) Nov 19, 2021
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
The public API error causes for the attacker to be able to bypass API access control. Critical Unreviewed
CVE-2022-23730 was published Mar 12, 2022
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a... Critical Unreviewed
CVE-2022-0541 was published Apr 26, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... Critical Unreviewed
CVE-2022-20777 was published May 5, 2022
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ... Critical Unreviewed
CVE-2016-9877 was published May 13, 2022
Improper Access Control in SLF4J Critical
CVE-2018-8088 was published for org.slf4j:slf4j-ext (Maven) May 13, 2022
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers... Critical Unreviewed
CVE-2016-2788 was published May 13, 2022
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary... Critical Unreviewed
CVE-2016-3987 was published May 13, 2022
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
Apache Tomcat Improper Access Control vulnerability Critical
CVE-2016-8735 was published for org.apache.tomcat:tomcat-catalina (Maven) May 13, 2022
sunSUNQ westonsteimel
liususan091219
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5556 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to... Critical Unreviewed
CVE-2016-5568 was published May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101... Critical Unreviewed
CVE-2016-5582 was published May 13, 2022
The potential exists for exposure of the product's password used to restrict unauthorized access... Critical Unreviewed
CVE-2010-5305 was published May 13, 2022
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote... Critical Unreviewed
CVE-2016-5118 was published May 13, 2022
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by... Critical Unreviewed
CVE-2018-7364 was published May 13, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed
CVE-2017-9855 was published May 13, 2022
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts... Critical Unreviewed
CVE-2022-22282 was published May 14, 2022
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x... Critical Unreviewed
CVE-2016-5022 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API