GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
900 advisories
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This...
Critical | Unreviewed | CVE-2020-12079 was published May 24, 2022
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that...
Critical | Unreviewed | CVE-2021-22911 was published May 24, 2022
Remote code execution in Apache Flume
Critical | CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php...
Critical | Unreviewed | CVE-2013-2093 was published May 5, 2022
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21,...
Critical | Unreviewed | CVE-2016-4368 was published May 17, 2022
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact...
Critical | Unreviewed | CVE-2016-4165 was published May 17, 2022
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain...
Critical | Unreviewed | CVE-2016-3741 was published May 17, 2022
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain...
Critical | Unreviewed | CVE-2016-3743 was published May 17, 2022
Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with...
Critical | Unreviewed | CVE-2016-6178 was published May 17, 2022
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W...
Critical | Unreviewed | CVE-2016-1395 was published May 17, 2022
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles...
Critical | Unreviewed | CVE-2016-3742 was published May 17, 2022
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10...
Critical | Unreviewed | CVE-2016-6694 was published May 17, 2022
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP...
Critical | Unreviewed | CVE-2016-6501 was published May 17, 2022
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1...
Critical | Unreviewed | CVE-2016-5743 was published May 17, 2022
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10...
Critical | Unreviewed | CVE-2016-6696 was published May 17, 2022
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10...
Critical | Unreviewed | CVE-2016-6693 was published May 17, 2022
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0...
Critical | Unreviewed | CVE-2016-1997 was published May 17, 2022
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and...
Critical | Unreviewed | CVE-2020-20907 was published May 24, 2022
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver...
Critical | Unreviewed | CVE-2016-0815 was published May 17, 2022
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation,...
Critical | Unreviewed | CVE-2022-31321 was published Aug 2, 2022
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to...
Critical | Unreviewed | CVE-2016-1998 was published May 17, 2022
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute...
Critical | Unreviewed | CVE-2016-7406 was published May 17, 2022
Improper input validation in Access Control APIs. Access control API may return memory range...
Critical | Unreviewed | CVE-2016-8437 was published May 17, 2022
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical | CVE-2022-35942 was published for loopback-connector-postgresql (npm) Aug 11, 2022