GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,121
NuGet: 735
pip: 3,942
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
12,423 advisories
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1...
Low | Unreviewed | CVE-2015-4812 was published May 17, 2022

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ...
Low | Unreviewed | CVE-2011-3352 was published Apr 22, 2022

uzbl: Information disclosure via world-readable cookies storage file
Low | Unreviewed | CVE-2012-0843 was published Apr 23, 2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General)....
Low | Unreviewed | CVE-2022-21485 was published Apr 20, 2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General)....
Low | Unreviewed | CVE-2022-21484 was published Apr 20, 2022

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1...
Low | Unreviewed | CVE-2012-5558 was published Apr 23, 2022

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers...
Low | Unreviewed | CVE-2012-1932 was published Apr 23, 2022

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
Low | Unreviewed | CVE-2012-5776 was published Apr 23, 2022

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication...
Low | Unreviewed | CVE-2006-7246 was published Apr 21, 2022

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
Low | Unreviewed | CVE-2012-5562 was published Apr 23, 2022

Incorrect Default Permissions in Apache Commons FileUpload
Low | CVE-2013-0248 was published for commons-fileupload:commons-fileupload (Maven) May 5, 2022

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version...
Low | Unreviewed | CVE-2010-2472 was published Apr 21, 2022

The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them...
Low | Unreviewed | CVE-2010-3292 was published Apr 21, 2022

Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses component in Oracle...
Low | Unreviewed | CVE-2015-4825 was published May 17, 2022

bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain...
Low | Unreviewed | CVE-2015-3778 was published May 17, 2022

mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink...
Low | Unreviewed | CVE-2010-3095 was published Apr 21, 2022

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and...
Low | Unreviewed | CVE-2010-3440 was published Apr 21, 2022

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the...
Low | Unreviewed | CVE-2012-4767 was published Apr 23, 2022

Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
Low | Unreviewed | CVE-2012-0844 was published Apr 23, 2022

The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via...
Low | Unreviewed | CVE-2012-6114 was published Apr 23, 2022

Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8...
Low | Unreviewed | CVE-2012-1500 was published Apr 23, 2022

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by...
Low | Unreviewed | CVE-2012-3341 was published Apr 23, 2022

Cross-site scripting in Apache Struts
Low | CVE-2006-1548 was published for struts:struts (Maven) May 1, 2022

The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain...
Low | Unreviewed | CVE-2011-2343 was published Apr 22, 2022

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:...
Low | Unreviewed | CVE-2018-3139 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.