GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
247 advisories
Filter by severity
The public API error causes for the attacker to be able to bypass API access control.
Critical
Unreviewed
CVE-2022-23730
was published
Mar 12, 2022
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a...
Critical
Unreviewed
CVE-2022-0541
was published
Apr 26, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an...
Critical
Unreviewed
CVE-2022-20777
was published
May 5, 2022
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ...
Critical
Unreviewed
CVE-2016-9877
was published
May 13, 2022
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers...
Critical
Unreviewed
CVE-2016-2788
was published
May 13, 2022
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary...
Critical
Unreviewed
CVE-2016-3987
was published
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical
Unreviewed
CVE-2016-5568
was published
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical
Unreviewed
CVE-2016-5556
was published
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101...
Critical
Unreviewed
CVE-2016-5582
was published
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and...
Critical
Unreviewed
CVE-2016-3427
was published
May 13, 2022
The potential exists for exposure of the product's password used to restrict unauthorized access...
Critical
Unreviewed
CVE-2010-5305
was published
May 13, 2022
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote...
Critical
Unreviewed
CVE-2016-5118
was published
May 13, 2022
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by...
Critical
Unreviewed
CVE-2018-7364
was published
May 13, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary...
Critical
Unreviewed
CVE-2017-9855
was published
May 13, 2022
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts...
Critical
Unreviewed
CVE-2022-22282
was published
May 14, 2022
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x...
Critical
Unreviewed
CVE-2016-5022
was published
May 14, 2022
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When...
Critical
Unreviewed
CVE-2015-4594
was published
May 14, 2022
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to...
Critical
Unreviewed
CVE-2013-5654
was published
May 14, 2022
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS...
Critical
Unreviewed
CVE-2016-0088
was published
May 14, 2022
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote...
Critical
Unreviewed
CVE-2016-9565
was published
May 14, 2022
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted...
Critical
Unreviewed
CVE-2016-5229
was published
May 14, 2022
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not...
Critical
Unreviewed
CVE-2015-8361
was published
May 14, 2022
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote...
Critical
Unreviewed
CVE-2016-5239
was published
May 14, 2022
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by...
Critical
Unreviewed
CVE-2014-2048
was published
May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile,...
Critical
Unreviewed
CVE-2014-10053
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API