GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
420 advisories
Filter by severity
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access...
Moderate
Unreviewed
CVE-2009-3597
was published
May 2, 2022
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1...
Moderate
Unreviewed
CVE-2017-2621
was published
May 3, 2022
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
High
Unreviewed
CVE-2022-28462
was published
May 6, 2022
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp...
Moderate
Unreviewed
CVE-2022-29302
was published
May 13, 2022
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log...
Moderate
Unreviewed
CVE-2017-2622
was published
May 13, 2022
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr...
Moderate
Unreviewed
CVE-2015-1350
was published
May 13, 2022
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized...
High
Unreviewed
CVE-2017-16651
was published
May 13, 2022
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an...
Low
Unreviewed
CVE-2018-0106
was published
May 13, 2022
redhat-certification does not properly restrict files that can be download through the /download...
High
Unreviewed
CVE-2018-10869
was published
May 13, 2022
Drupal core access bypass vulnerability
Moderate
CVE-2017-6922
was published
for
drupal/core
(Composer)
May 13, 2022
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an...
Moderate
Unreviewed
CVE-2017-1602
was published
May 13, 2022
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo...
High
Unreviewed
CVE-2017-12079
was published
May 13, 2022
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized...
Critical
Unreviewed
CVE-2017-10930
was published
May 13, 2022
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which...
High
Unreviewed
CVE-2017-11746
was published
May 13, 2022
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update...
Moderate
Unreviewed
CVE-2017-11829
was published
May 13, 2022
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated...
Moderate
Unreviewed
CVE-2017-1308
was published
May 13, 2022
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently...
Critical
Unreviewed
CVE-2017-14942
was published
May 13, 2022
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS...
Moderate
Unreviewed
CVE-2017-6774
was published
May 13, 2022
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue...
Moderate
Unreviewed
CVE-2017-7079
was published
May 13, 2022
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers...
High
Unreviewed
CVE-2018-16946
was published
May 13, 2022
Development Tools panels of an extension are required to load URLs for the panels as relative...
High
Unreviewed
CVE-2018-5112
was published
May 13, 2022
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,...
High
Unreviewed
CVE-2018-9587
was published
May 13, 2022
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers...
Moderate
Unreviewed
CVE-2016-3715
was published
May 14, 2022
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup...
High
Unreviewed
CVE-2017-2551
was published
May 17, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
ProTip!
Advisories are also available from the
GraphQL API