GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
900 advisories
Improper Input Validation in Spring AMQP
Critical | CVE-2016-2173 was published for org.springframework.amqp:spring-amqp (Maven) on May 13, 2022

The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their...
Critical | Unreviewed | CVE-2012-1301 was published on May 13, 2022

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent...
Critical | Unreviewed | CVE-2017-5226 was published on May 13, 2022

Hostname verification in Apache HttpClient 4.3 was disabled by default
Critical | CVE-2013-4366 was published for org.apache.httpcomponents:httpclient (Maven) on May 13, 2022

Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote...
Critical | Unreviewed | CVE-2010-4042 was published on May 13, 2022

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and...
Critical | Unreviewed | CVE-2017-3881 was published on May 13, 2022

An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server...
Critical | Unreviewed | CVE-2019-0786 was published on May 13, 2022

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to...
Critical | Unreviewed | CVE-2018-0147 was published on May 13, 2022

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software...
Critical | Unreviewed | CVE-2018-0171 was published on May 13, 2022

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration,...
Critical | Unreviewed | CVE-2017-16845 was published on May 13, 2022

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This...
Critical | Unreviewed | CVE-2012-6696 was published on May 13, 2022

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x...
Critical | Unreviewed | CVE-2017-9800 was published on May 13, 2022

The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31...
Critical | Unreviewed | CVE-2014-9410 was published on May 13, 2022

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled,...
Critical | Unreviewed | CVE-2018-0502 was published on May 13, 2022

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated,...
Critical | Unreviewed | CVE-2018-13259 was published on May 13, 2022

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2016-6374 was published on May 13, 2022

Codiad remote code execution vulnerability
Critical | CVE-2018-14009 was published for codiad/codiad (Composer) on May 13, 2022

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with...
Critical | Unreviewed | CVE-2018-7679 was published on May 13, 2022

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier...
Critical | Unreviewed | CVE-2015-4664 was published on May 13, 2022

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-...
Critical | Unreviewed | CVE-2017-9788 was published on May 13, 2022

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to...
Critical | Unreviewed | CVE-2016-2170 was published on May 13, 2022

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over...
Critical | Unreviewed | CVE-2018-14620 was published on May 13, 2022

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0...
Critical | Unreviewed | CVE-2016-6646 was published on May 13, 2022

An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows...
Critical | Unreviewed | CVE-2016-0889 was published on May 13, 2022

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system...
Critical | Unreviewed | CVE-2018-1000533 was published on May 13, 2022
ProTip! Advisories are also available from the GraphQL API.