GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,873 advisories
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
High, Unreviewed. CVE-2018-15964 was published May 13, 2022

BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information...
High, Unreviewed. CVE-2018-12923 was published May 13, 2022

In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was...
High, Unreviewed. CVE-2018-17956 was published May 13, 2022

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325...
High, Unreviewed. CVE-2019-1653 was published May 13, 2022

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace...
High, Unreviewed. CVE-2019-3781 was published May 13, 2022

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice...
High, Unreviewed. CVE-2018-10583 was published May 13, 2022

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON...
High, Unreviewed. CVE-2015-5738 was published May 13, 2022

The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1...
High, Unreviewed. CVE-2017-9512 was published May 13, 2022

Moodle uses predictable password-recovery tokens
High. CVE-2015-5267 was published for moodle/moodle (Composer) May 13, 2022

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list...
High, Unreviewed. CVE-2017-14404 was published May 13, 2022

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
High, Unreviewed. CVE-2018-7686 was published May 13, 2022

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1,...
High, Unreviewed. CVE-2017-6910 was published May 13, 2022

The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4...
High, Unreviewed. CVE-2014-6309 was published May 13, 2022

An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for...
High, Unreviewed. CVE-2016-10181 was published May 13, 2022

Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a...
High, Unreviewed. CVE-2018-12920 was published May 13, 2022

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1...
High, Unreviewed. CVE-2017-15518 was published May 13, 2022

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request...
High, Unreviewed. CVE-2014-8722 was published May 13, 2022

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive...
High, Unreviewed. CVE-2016-9839 was published May 13, 2022

The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem...
High, Unreviewed. CVE-2015-8559 was published May 13, 2022

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly...
High, Unreviewed. CVE-2017-15139 was published May 13, 2022

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty)...
High, Unreviewed. CVE-2016-4474 was published May 13, 2022

OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
High. CVE-2016-4985 was published for ironic (pip) May 13, 2022

Ansible sensitive information disclosure
High. CVE-2018-16876 was published for ansible (pip) May 13, 2022

Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control...
High, Unreviewed. CVE-2016-6220 was published May 13, 2022

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices,...
High, Unreviewed. CVE-2017-10793 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.