GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+ | Composer 5,000+ | Erlang 39 | GitHub Actions 38 | Go 2,636 | Maven 5,000+ | npm 4,262 | NuGet 760 | pip 4,057 | Pub 12 | RubyGems 956 | Rust 1,054 | Swift 45
Unreviewed advisories: All unreviewed 5,000+
1,874 advisories
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web...
High | Unreviewed | CVE-2017-10037 was published May 17, 2022

Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion ...
High | Unreviewed | CVE-2017-10310 was published May 17, 2022

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite ...
High | Unreviewed | CVE-2017-10328 was published May 17, 2022

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to...
High | Unreviewed | CVE-2014-9147 was published May 17, 2022

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite ...
High | Unreviewed | CVE-2017-10332 was published May 17, 2022

Jenkins Pipeline: Input Step Plugin
High | CVE-2017-1000108 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) May 17, 2022

Apache MyFaces Vulnerable to EL Injection
High | CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022

IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified...
High | Unreviewed | CVE-2016-0287 was published May 17, 2022

Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how...
High | Unreviewed | CVE-2017-11776 was published May 17, 2022

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory...
High | Unreviewed | CVE-2017-10916 was published May 17, 2022

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before...
High | Unreviewed | CVE-2017-14099 was published May 17, 2022

Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which...
High | Unreviewed | CVE-2017-15236 was published May 17, 2022

Zend Framework Information Disclosure
High | CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022

Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a...
High | Unreviewed | CVE-2017-14943 was published May 17, 2022

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified...
High | Unreviewed | CVE-2017-14603 was published May 17, 2022

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a...
High | Unreviewed | CVE-2015-6668 was published May 17, 2022

The VIP.com application for IOS and Android allows remote attackers to obtain sensitive...
High | Unreviewed | CVE-2017-13127 was published May 17, 2022

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an...
High | Unreviewed | CVE-2017-9368 was published May 17, 2022

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a...
High | Unreviewed | CVE-2017-1000133 was published May 17, 2022

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to...
High | Unreviewed | CVE-2017-1000151 was published May 17, 2022

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote...
High | Unreviewed | CVE-2017-1583 was published May 17, 2022

NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote...
High | Unreviewed | CVE-2015-8544 was published May 17, 2022

MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive...
High | Unreviewed | CVE-2016-6820 was published May 17, 2022

Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of...
High | Unreviewed | CVE-2017-3935 was published May 17, 2022

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read...
High | Unreviewed | CVE-2017-16248 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.