GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
752 advisories
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7237 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7232 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7233 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7231 was published May 13, 2022

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute...
Critical, Unreviewed. CVE-2022-29897 was published May 12, 2022

Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable...
Critical, Unreviewed. CVE-2013-7171 was published May 5, 2022

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php...
Critical, Unreviewed. CVE-2013-2093 was published May 5, 2022

Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview
Critical, Unreviewed. CVE-2013-2259 was published May 5, 2022

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service...
Critical, Unreviewed. CVE-2013-1910 was published May 5, 2022

The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.
Critical, Unreviewed. CVE-2013-7483 was published May 5, 2022

Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2...
Critical, Unreviewed. CVE-2022-28054 was published May 3, 2022

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code...
Critical, Unreviewed. CVE-2022-29499 was published Apr 27, 2022

cumin: At installation postgresql database user created without password
Critical, Unreviewed. CVE-2012-3460 was published Apr 23, 2022

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table...
Critical, Unreviewed. CVE-2012-6125 was published Apr 23, 2022

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which...
Critical, Unreviewed. CVE-2012-0694 was published Apr 23, 2022

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables...
Critical, Unreviewed. CVE-2011-2897 was published Apr 23, 2022

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to...
Critical, Unreviewed. CVE-2011-4124 was published Apr 22, 2022

Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM...
Critical, Unreviewed. CVE-2011-4120 was published Apr 22, 2022

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may...
Critical, Unreviewed. CVE-2011-0703 was published Apr 22, 2022

Rbot Reaction plugin allows command execution
Critical, Unreviewed. CVE-2010-2446 was published Apr 21, 2022

qtparted has insecure library loading which may allow arbitrary code execution
Critical, Unreviewed. CVE-2010-3375 was published Apr 21, 2022

Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
Critical, Unreviewed. CVE-2010-4239 was published Apr 21, 2022

Snoopy 2.0.0-1 has a security hole in exec cURL
Critical, Unreviewed. CVE-2002-2444 was published Apr 21, 2022

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware...
Critical, Unreviewed. CVE-2021-32974 was published Apr 3, 2022
ProTip! Advisories are also available from the GraphQL API.