GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
3,830 advisories
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated...
High | Unreviewed | CVE-2014-9193 was published May 17, 2022

Drupal saving user accounts can sometimes grant the user all roles
High | CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022

Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Moderate | CVE-2016-7570 was published for drupal/core (Composer) May 17, 2022

Drupal Saving user accounts can sometimes grant the user all roles
High | CVE-2016-6211 was published for drupal/core (Composer) May 17, 2022

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4...
High | Unreviewed | CVE-2015-8467 was published May 17, 2022

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x...
High | Unreviewed | CVE-2014-0185 was published May 17, 2022

Local privilege escalation due to excessive permissions assigned to child processes. The...
High | Unreviewed | CVE-2022-30695 was published May 17, 2022

Improper Privilege Management in craftercms
Moderate | CVE-2021-23265 was published for org.craftercms:craftercms (Maven) May 17, 2022

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold...
High | Unreviewed | CVE-2016-0151 was published May 14, 2022

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on...
High | Unreviewed | CVE-2013-0643 was published May 14, 2022

Puppet Privilege Escalation
Moderate | CVE-2012-1053 was published for puppet (RubyGems) May 14, 2022

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows...
Critical | Unreviewed | CVE-2012-5376 was published May 13, 2022

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of...
Critical | Unreviewed | CVE-2018-9853 was published May 13, 2022

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed...
Moderate | Unreviewed | CVE-2018-6080 was published May 13, 2022

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard...
High | Unreviewed | CVE-2018-5884 was published May 13, 2022

Improperly configured memory protection allows read/write access to modem image from HLOS kernel...
High | Unreviewed | CVE-2018-5839 was published May 13, 2022

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39,...
Moderate | Unreviewed | CVE-2018-5756 was published May 13, 2022

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions...
High | Unreviewed | CVE-2018-5706 was published May 13, 2022

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host...
High | Unreviewed | CVE-2018-5166 was published May 13, 2022

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with...
High | Unreviewed | CVE-2018-4862 was published May 13, 2022

An access issue was addressed with additional sandbox restrictions. This issue affected versions...
Critical | Unreviewed | CVE-2018-4310 was published May 13, 2022

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10...
Moderate | Unreviewed | CVE-2018-4173 was published May 13, 2022

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker...
High | Unreviewed | CVE-2018-3682 was published May 13, 2022

Improper Privilege Management in MySQL Connectors Java
High | CVE-2018-3258 was published for mysql:mysql-connector-java (Maven) May 13, 2022

In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7...
High | Unreviewed | CVE-2018-2481 was published May 13, 2022