GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,873 advisories
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password...
High | Unreviewed | CVE-2018-12089 was published May 14, 2022

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks...
High | Unreviewed | CVE-2017-5378 was published May 14, 2022

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads...
High | Unreviewed | CVE-2017-7787 was published May 14, 2022

If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a...
High | Unreviewed | CVE-2018-5181 was published May 14, 2022

If a text string that happens to be a filename in the operating system's native format is dragged...
High | Unreviewed | CVE-2018-5182 was published May 14, 2022

When Private Browsing mode is used, it is possible for a web worker to write persistent data to...
High | Unreviewed | CVE-2017-7843 was published May 14, 2022

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs...
High | Unreviewed | CVE-2017-7759 was published May 14, 2022

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged...
High | Unreviewed | CVE-2017-5382 was published May 14, 2022

Data sent in multipart channels, such as the multipart/x-mixed-replace MIME type, will...
High | Unreviewed | CVE-2017-5385 was published May 14, 2022

WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content...
High | Unreviewed | CVE-2018-5134 was published May 14, 2022

A mechanism to bypass file system access protections in the sandbox to use the file picker to...
High | Unreviewed | CVE-2017-5454 was published May 14, 2022

The Gecko Media Plugin sandbox allows access to local files that match specific regular...
High | Unreviewed | CVE-2017-5425 was published May 14, 2022

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows...
High | Unreviewed | CVE-2018-12684 was published May 14, 2022

A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web...
High | Unreviewed | CVE-2018-5137 was published May 14, 2022

Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive...
High | Unreviewed | CVE-2018-12594 was published May 14, 2022

Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability....
High | Unreviewed | CVE-2017-15328 was published May 14, 2022

An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size...
High | Unreviewed | CVE-2018-10663 was published May 14, 2022

IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass...
High | Unreviewed | CVE-2018-0584 was published May 14, 2022

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon...
High | Unreviewed | CVE-2018-12592 was published May 14, 2022

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive...
High | Unreviewed | CVE-2017-2584 was published May 14, 2022

Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c...
High | Unreviewed | CVE-2017-15851 was published May 14, 2022

An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user...
High | Unreviewed | CVE-2018-9185 was published May 14, 2022

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x...
High | Unreviewed | CVE-2017-15098 was published May 14, 2022

SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a...
High | Unreviewed | CVE-2018-12735 was published May 14, 2022

Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a...
High | Unreviewed | CVE-2018-12926 was published May 14, 2022