GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
915 advisories
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x...
Critical, Unreviewed. CVE-2017-9800 was published May 13, 2022

The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31...
Critical, Unreviewed. CVE-2014-9410 was published May 13, 2022

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled,...
Critical, Unreviewed. CVE-2018-0502 was published May 13, 2022

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated,...
Critical, Unreviewed. CVE-2018-13259 was published May 13, 2022

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code...
Critical, Unreviewed. CVE-2016-6374 was published May 13, 2022

Codiad remote code execution vulnerability
Critical. CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with...
Critical, Unreviewed. CVE-2018-7679 was published May 13, 2022

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier...
Critical, Unreviewed. CVE-2015-4664 was published May 13, 2022

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-...
Critical, Unreviewed. CVE-2017-9788 was published May 13, 2022

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to...
Critical, Unreviewed. CVE-2016-2170 was published May 13, 2022

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over...
Critical, Unreviewed. CVE-2018-14620 was published May 13, 2022

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0...
Critical, Unreviewed. CVE-2016-6646 was published May 13, 2022

An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows...
Critical, Unreviewed. CVE-2016-0889 was published May 13, 2022

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system...
Critical, Unreviewed. CVE-2018-1000533 was published May 13, 2022

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary...
Critical, Unreviewed. CVE-2017-9034 was published May 13, 2022

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code...
Critical, Unreviewed. CVE-2017-4997 was published May 13, 2022

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote...
Critical, Unreviewed. CVE-2015-7705 was published May 13, 2022

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x...
Critical, Unreviewed. CVE-2016-2786 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7237 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7233 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7232 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7231 was published May 13, 2022

Improper Input Validation in JGroups
Critical. CVE-2016-2141 was published for org.jgroups:jgroups (Maven) May 13, 2022

Remote code execution in PATCH requests in Spring Data REST
Critical. CVE-2017-8046 was published for org.springframework.data:spring-data-rest-core (Maven) May 13, 2022

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute...
Critical, Unreviewed. CVE-2022-29897 was published May 12, 2022
ProTip! Advisories are also available from the GraphQL API