Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,970 advisories

Loading
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of... Moderate Unreviewed
CVE-2016-5696 was published May 13, 2022
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp... Moderate Unreviewed
CVE-2016-1550 was published May 13, 2022
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related... High Unreviewed
CVE-2017-3080 was published May 13, 2022
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that... High Unreviewed
CVE-2017-3085 was published May 13, 2022
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro... Moderate Unreviewed
CVE-2016-0887 was published May 13, 2022
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read... High Unreviewed
CVE-2017-7415 was published May 13, 2022
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to... Moderate Unreviewed
CVE-2018-20237 was published May 13, 2022
EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A... Moderate Unreviewed
CVE-2016-8217 was published May 13, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2... High Unreviewed
CVE-2017-12734 was published May 13, 2022
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products,... Moderate Unreviewed
CVE-2016-0800 was published May 13, 2022
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the... Moderate Unreviewed
CVE-2015-8470 was published May 13, 2022
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9... Moderate Unreviewed
CVE-2016-0703 was published May 13, 2022
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server... High Unreviewed
CVE-2017-2294 was published May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML Moderate
CVE-2013-6440 was published for org.opensaml:opensaml (Maven) May 13, 2022
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode... Moderate Unreviewed
CVE-2015-4551 was published May 13, 2022
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow... Moderate Unreviewed
CVE-2014-3575 was published May 13, 2022
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release... High Unreviewed
CVE-2017-8035 was published May 13, 2022
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a... Moderate Unreviewed
CVE-2018-6881 was published May 13, 2022
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain... Moderate Unreviewed
CVE-2010-3886 was published May 13, 2022
An out of bounds read was discovered in systemd-journald in the way it parses log messages that... Low Unreviewed
CVE-2018-16866 was published May 13, 2022
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML,... Moderate Unreviewed
CVE-2010-3342 was published May 13, 2022
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML,... Moderate Unreviewed
CVE-2010-3348 was published May 13, 2022
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which... Moderate Unreviewed
CVE-2011-1246 was published May 13, 2022
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header... Moderate Unreviewed
CVE-2011-3404 was published May 13, 2022
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3... Moderate Unreviewed
CVE-2015-3269 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database