Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

300,991 advisories

Loading
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to... Critical Unreviewed
CVE-2021-20034 was published May 24, 2022
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated... Moderate Unreviewed
CVE-2021-29760 was published May 24, 2022
In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could... Moderate Unreviewed
CVE-2021-0687 was published May 24, 2022
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource... Moderate Unreviewed
CVE-2020-20221 was published May 24, 2022
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the... Moderate Unreviewed
CVE-2021-25809 was published May 24, 2022
** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause... Moderate Unreviewed
CVE-2016-6595 was published May 17, 2022
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left... Moderate Unreviewed
CVE-2016-5267 was published May 17, 2022
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading... Low Unreviewed
CVE-2021-37468 was published May 24, 2022
Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of... Moderate Unreviewed
CVE-2008-6704 was published May 17, 2022
Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability... Moderate Unreviewed
CVE-2017-8654 was published May 17, 2022
The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and... Moderate Unreviewed
CVE-2008-6705 was published May 17, 2022
Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context... Moderate Unreviewed
CVE-2008-6817 was published May 17, 2022
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to... Moderate Unreviewed
CVE-2008-6676 was published May 17, 2022
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an... High Unreviewed
CVE-2017-8672 was published May 17, 2022
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and... Moderate Unreviewed
CVE-2008-6755 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4... Moderate Unreviewed
CVE-2008-6732 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4... Moderate Unreviewed
CVE-2008-6733 was published May 17, 2022
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow... High Unreviewed
CVE-2016-2835 was published May 17, 2022
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes... Moderate Unreviewed
CVE-2016-1474 was published May 17, 2022
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web... Critical Unreviewed
CVE-2017-1000020 was published May 17, 2022
Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows... High Unreviewed
CVE-2016-1429 was published May 17, 2022
MEDHOST Document Management System contains hard-coded credentials that are used for customer... Critical Unreviewed
CVE-2017-11693 was published May 17, 2022
Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,... High Unreviewed
CVE-2017-0250 was published May 17, 2022
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in... Moderate Unreviewed
CVE-2017-12655 was published May 17, 2022
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. Moderate Unreviewed
CVE-2017-12583 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database