GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,264
NuGet: 760
pip: 4,060
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
5,055 advisories
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version...
High | Unreviewed | CVE-2015-9268 was published May 13, 2022

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code...
High | Unreviewed | CVE-2018-16873 was published May 13, 2022

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory...
High | Unreviewed | CVE-2018-16874 was published May 13, 2022

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could...
High | Unreviewed | CVE-2017-6751 was published May 13, 2022

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a...
High | Unreviewed | CVE-2014-8361 was published May 13, 2022

CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to...
High | Unreviewed | CVE-2008-5529 was published May 13, 2022

An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to...
High | Unreviewed | CVE-2018-9025 was published May 13, 2022

An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users...
High | Unreviewed | CVE-2018-9023 was published May 13, 2022

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows...
High | Unreviewed | CVE-2016-7162 was published May 13, 2022

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server...
High | Unreviewed | CVE-2017-10908 was published May 13, 2022

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC)...
High | Unreviewed | CVE-2016-9219 was published May 13, 2022

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not...
High | Unreviewed | CVE-2008-5695 was published May 13, 2022

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1...
High | Unreviewed | CVE-2016-4838 was published May 13, 2022

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the...
High | Unreviewed | CVE-2016-2161 was published May 13, 2022

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols...
High | Unreviewed | CVE-2016-8740 was published May 13, 2022

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a...
High | Unreviewed | CVE-2017-15715 was published May 13, 2022

Improper Input Validation in Apache CXF
High | CVE-2010-2076 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022

Remote web-service operation execution in Apache CXF
High | CVE-2012-3451 was published for org.apache.cxf:cxf (Maven) May 13, 2022

Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash...
High | Unreviewed | CVE-2018-0043 was published May 13, 2022

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write...
High | Unreviewed | CVE-2018-19204 was published May 13, 2022

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names...
High | Unreviewed | CVE-2016-8625 was published May 13, 2022

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the...
High | Unreviewed | CVE-2016-8624 was published May 13, 2022

Improper Input Validation in Apache Hadoop
High | CVE-2017-3162 was published for org.apache.hadoop:hadoop-client (Maven) May 13, 2022

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a...
High | Unreviewed | CVE-2014-3673 was published May 13, 2022

Apache Qpid Python client Improper certificate validation
High | CVE-2013-1909 was published for qpid-python (pip) May 13, 2022
ProTip! Advisories are also available from the GraphQL API.