GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
915 advisories
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to...
Critical, Unreviewed. CVE-2019-0604 was published on May 13, 2022.
Improper Input Validation in Apache ActiveMQ
Critical. CVE-2015-5254 was published for org.apache.activemq:activemq-client (Maven) on May 13, 2022.
treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and...
Critical, Unreviewed. CVE-2019-10672 was published on May 13, 2022.
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1...
Critical, Unreviewed. CVE-2016-3655 was published on May 13, 2022.
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x...
Critical, Unreviewed. CVE-2017-15944 was published on May 13, 2022.
The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11,...
Critical, Unreviewed. CVE-2017-8390 was published on May 13, 2022.
Improper input validation together with an integer overflow in the EAP-TLS protocol...
Critical, Unreviewed. CVE-2018-11574 was published on May 13, 2022.
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers...
Critical, Unreviewed. CVE-2018-20062 was published on May 13, 2022.
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX...
Critical, Unreviewed. CVE-2018-6320 was published on May 13, 2022.
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation...
Critical, Unreviewed. CVE-2018-14361 was published on May 13, 2022.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c...
Critical, Unreviewed. CVE-2018-14351 was published on May 13, 2022.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c...
Critical, Unreviewed. CVE-2018-14349 was published on May 13, 2022.
Improper Input Validation in Spring AMQP
Critical. CVE-2016-2173 was published for org.springframework.amqp:spring-amqp (Maven) on May 13, 2022.
Code execution in Apache Struts 1 plugin
Critical. CVE-2017-9791 was published for org.apache.struts:struts2-struts1-plugin (Maven) on May 13, 2022.
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their...
Critical, Unreviewed. CVE-2012-1301 was published on May 13, 2022.
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent...
Critical, Unreviewed. CVE-2017-5226 was published on May 13, 2022.
Hostname verification in Apache HttpClient 4.3 was disabled by default
Critical. CVE-2013-4366 was published for org.apache.httpcomponents:httpclient (Maven) on May 13, 2022.
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote...
Critical, Unreviewed. CVE-2010-4042 was published on May 13, 2022.
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and...
Critical, Unreviewed. CVE-2017-3881 was published on May 13, 2022.
An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server...
Critical, Unreviewed. CVE-2019-0786 was published on May 13, 2022.
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to...
Critical, Unreviewed. CVE-2018-0147 was published on May 13, 2022.
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software...
Critical, Unreviewed. CVE-2018-0171 was published on May 13, 2022.
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration,...
Critical, Unreviewed. CVE-2017-16845 was published on May 13, 2022.
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This...
Critical, Unreviewed. CVE-2012-6696 was published on May 13, 2022.
Code injection in Apache Struts
Critical. CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) on May 13, 2022.