Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,873 advisories

Loading
Trac reStructuredText breach of privacy and denial of service vulnerability High
CVE-2006-3695 was published for trac (pip) May 1, 2022
TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/` High
CVE-2005-4875 was published for typo3/cms (Composer) May 1, 2022
Apache Tomcat allows remote attackers to read JSP source files High
CVE-2005-4836 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the... High Unreviewed
CVE-2005-2036 was published May 1, 2022
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote... High Unreviewed
CVE-2002-2317 was published Apr 30, 2022
Apache Tomcat Source Code Disclosure High
CVE-2002-1394 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. High Unreviewed
CVE-1999-0236 was published Apr 30, 2022
IRIX fam service allows an attacker to obtain a list of all files on the server. High Unreviewed
CVE-1999-0059 was published Apr 30, 2022
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key... High Unreviewed
CVE-2018-10911 was published Apr 30, 2022
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether... High Unreviewed
CVE-2021-43937 was published Apr 30, 2022
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel.... High Unreviewed
CVE-2022-1353 was published Apr 30, 2022
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages,... High Unreviewed
CVE-2003-1398 was published Apr 29, 2022
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which... High Unreviewed
CVE-2003-1404 was published Apr 29, 2022
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the... High Unreviewed
CVE-2021-34589 was published Apr 28, 2022
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other... High Unreviewed
CVE-2021-38919 was published Apr 28, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched High
CVE-2012-1094 was published for org.jboss.as:jboss-as-server (Maven) Apr 23, 2022
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation... High Unreviewed
CVE-2012-4420 was published Apr 23, 2022
gnome-system-log polkit policy allows arbitrary files on the system to be read High Unreviewed
CVE-2012-5535 was published Apr 23, 2022
mediawiki allows deleted text to be exposed High Unreviewed
CVE-2012-0046 was published Apr 23, 2022
Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this... High Unreviewed
CVE-2010-1432 was published Apr 21, 2022
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 High Unreviewed
CVE-2022-27849 was published Apr 16, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which... High Unreviewed
CVE-2021-43287 was published Apr 15, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix... High Unreviewed
CVE-2022-27241 was published Apr 13, 2022
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management... High Unreviewed
CVE-2022-27667 was published Apr 13, 2022
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download... High Unreviewed
CVE-2022-26591 was published Apr 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database