GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
257 advisories
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community,...
Critical | Unreviewed | CVE-2016-1473 was published May 17, 2022

dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and...
Critical | Unreviewed | CVE-2017-11165 was published May 17, 2022

libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error...
Critical | Unreviewed | CVE-2010-3845 was published May 17, 2022

salt password information leaked in debug logs
Critical | CVE-2015-6941 was published for salt (pip) May 17, 2022

J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3...
Critical | Unreviewed | CVE-2016-1279 was published May 17, 2022

Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of...
Critical | Unreviewed | CVE-2017-5496 was published May 17, 2022

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the ...
Critical | Unreviewed | CVE-2016-10175 was published May 17, 2022

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to...
Critical | Unreviewed | CVE-2015-5959 was published May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Critical | CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) May 17, 2022

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive...
Critical | Unreviewed | CVE-2017-14269 was published May 17, 2022

eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP...
Critical | Unreviewed | CVE-2014-8174 was published May 17, 2022

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc...
Critical | Unreviewed | CVE-2015-5284 was published May 17, 2022

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially...
Critical | Unreviewed | CVE-2017-9393 was published May 17, 2022

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via...
Critical | Unreviewed | CVE-2015-8707 was published May 17, 2022

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains...
Critical | Unreviewed | CVE-2017-13701 was published May 17, 2022

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows...
Critical | Unreviewed | CVE-2017-13664 was published May 17, 2022

An information disclosure vulnerability in the Android media framework (n/a). Product: Android....
Critical | Unreviewed | CVE-2017-13150 was published May 17, 2022

An information disclosure vulnerability in the Android media framework (n/a). Product: Android....
Critical | Unreviewed | CVE-2017-13149 was published May 17, 2022

An information disclosure vulnerability in the Android media framework (n/a). Product: Android....
Critical | Unreviewed | CVE-2017-0879 was published May 17, 2022

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
Critical | Unreviewed | CVE-2017-17734 was published May 14, 2022

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
Critical | Unreviewed | CVE-2017-17735 was published May 14, 2022

Exposure of Sensitive Information in Jenkins Core
Critical | CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

CPEs used by subscribers on the access network receive their individual configuration settings...
Critical | Unreviewed | CVE-2017-6094 was published May 14, 2022

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access...
Critical | Unreviewed | CVE-2018-3813 was published May 14, 2022

An information disclosure vulnerability in the Android media framework (libavc). Product: Android...
Critical | Unreviewed | CVE-2017-13204 was published May 14, 2022