Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

915 advisories

Loading
JGit Improper Input Validation vulnerability Critical
CVE-2014-9390 was published for mercurial (Maven) May 17, 2022
The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. Critical Unreviewed
CVE-2014-10384 was published May 17, 2022
The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. Critical Unreviewed
CVE-2014-10383 was published May 17, 2022
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21,... Critical Unreviewed
CVE-2016-4368 was published May 17, 2022
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact... Critical Unreviewed
CVE-2016-4165 was published May 17, 2022
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP... Critical Unreviewed
CVE-2016-1209 was published May 17, 2022
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain... Critical Unreviewed
CVE-2016-3741 was published May 17, 2022
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain... Critical Unreviewed
CVE-2016-3743 was published May 17, 2022
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles... Critical Unreviewed
CVE-2016-3742 was published May 17, 2022
Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with... Critical Unreviewed
CVE-2016-6178 was published May 17, 2022
OpenStack Murano Code Execution Critical
CVE-2016-4972 was published for murano (pip) May 17, 2022
The register method in the UsersModelRegistration class in controllers/user.php in the Users... Critical Unreviewed
CVE-2016-8869 was published May 17, 2022
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver... Critical Unreviewed
CVE-2016-0815 was published May 17, 2022
Remote Code Execution in Apache Struts Critical
CVE-2016-3082 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1... Critical Unreviewed
CVE-2016-5743 was published May 17, 2022
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W... Critical Unreviewed
CVE-2016-1395 was published May 17, 2022
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0... Critical Unreviewed
CVE-2016-1997 was published May 17, 2022
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to... Critical Unreviewed
CVE-2016-1998 was published May 17, 2022
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10... Critical Unreviewed
CVE-2016-6693 was published May 17, 2022
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10... Critical Unreviewed
CVE-2016-6696 was published May 17, 2022
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10... Critical Unreviewed
CVE-2016-6694 was published May 17, 2022
Improper Input Validation in Jupyter Notebook Critical
CVE-2015-7337 was published for ipython (pip) May 17, 2022
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP... Critical Unreviewed
CVE-2016-6501 was published May 17, 2022
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to... Critical Unreviewed
CVE-2016-5691 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database