Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

354 advisories

Loading
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form... Moderate Unreviewed
CVE-2016-10829 was published May 24, 2022
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27... High Unreviewed
CVE-2019-13404 was published May 24, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29447 was published May 21, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29446 was published May 20, 2022
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the... Moderate Unreviewed
CVE-2021-42644 was published May 18, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup... High Unreviewed
CVE-2017-2551 was published May 17, 2022
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers... Moderate Unreviewed
CVE-2016-3715 was published May 14, 2022
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,... High Unreviewed
CVE-2018-9587 was published May 13, 2022
Development Tools panels of an extension are required to load URLs for the panels as relative... High Unreviewed
CVE-2018-5112 was published May 13, 2022
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers... High Unreviewed
CVE-2018-16946 was published May 13, 2022
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue... Moderate Unreviewed
CVE-2017-7079 was published May 13, 2022
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS... Moderate Unreviewed
CVE-2017-6774 was published May 13, 2022
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently... Critical Unreviewed
CVE-2017-14942 was published May 13, 2022
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated... Moderate Unreviewed
CVE-2017-1308 was published May 13, 2022
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update... Moderate Unreviewed
CVE-2017-11829 was published May 13, 2022
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which... High Unreviewed
CVE-2017-11746 was published May 13, 2022
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized... Critical Unreviewed
CVE-2017-10930 was published May 13, 2022
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo... High Unreviewed
CVE-2017-12079 was published May 13, 2022
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an... Moderate Unreviewed
CVE-2017-1602 was published May 13, 2022
Drupal core access bypass vulnerability Moderate
CVE-2017-6922 was published for drupal/core (Composer) May 13, 2022
redhat-certification does not properly restrict files that can be download through the /download... High Unreviewed
CVE-2018-10869 was published May 13, 2022
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an... Low Unreviewed
CVE-2018-0106 was published May 13, 2022
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized... High Unreviewed
CVE-2017-16651 was published May 13, 2022
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr... Moderate Unreviewed
CVE-2015-1350 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database