GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,553

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

266 advisories

Filter by severity

Sort by

Least recently updated

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and... Critical Unreviewed

CVE-2015-3956 was published May 13, 2022

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in... High Unreviewed

CVE-2017-10624 was published May 13, 2022

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software... Moderate Unreviewed

CVE-2017-12740 was published May 13, 2022

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other... Moderate Unreviewed

CVE-2017-1405 was published May 13, 2022

Acronis True Image up to and including version 2017 Build 8053 performs software updates using... High Unreviewed

CVE-2017-3219 was published May 13, 2022

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior... High Unreviewed

CVE-2017-3218 was published May 13, 2022

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State... High Unreviewed

CVE-2017-3224 was published May 13, 2022

A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient... Moderate Unreviewed

CVE-2018-10626 was published May 13, 2022

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for... High Unreviewed

CVE-2015-7539 was published May 13, 2022

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin... High Unreviewed

CVE-2016-4554 was published May 13, 2022

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host... High Unreviewed

CVE-2016-4553 was published May 13, 2022

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks... High Unreviewed

CVE-2017-11103 was published May 13, 2022

GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the... High Unreviewed

CVE-2019-7323 was published May 13, 2022

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV... High Unreviewed

CVE-2019-0805 was published May 13, 2022

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. Critical Unreviewed

CVE-2018-19971 was published May 13, 2022

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Moderate Unreviewed

CVE-2018-17938 was published May 13, 2022

IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed

CVE-2016-3016 was published May 13, 2022

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed

CVE-2014-0364 was published May 13, 2022

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3... Critical Unreviewed

CVE-2015-6853 was published May 13, 2022

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before... Critical Unreviewed

CVE-2015-6854 was published May 13, 2022

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed

CVE-2019-1000012 was published May 13, 2022

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed

CVE-2018-7798 was published May 13, 2022

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed

CVE-2021-26368 was published May 13, 2022

This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed

CVE-2021-27759 was published May 7, 2022

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to... Moderate Unreviewed

CVE-2020-14122 was published Apr 22, 2022

Previous 1 2 … 7 8 9 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

266 advisories