GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
137,238 advisories
Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows...
Moderate | Unreviewed | CVE-2016-1169 was published May 17, 2022
named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which...
Moderate | Unreviewed | CVE-2010-3615 was published May 17, 2022
Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute...
Moderate | Unreviewed | CVE-2016-1176 was published May 17, 2022
The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse...
Moderate | Unreviewed | CVE-2016-3985 was published May 17, 2022
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users...
Moderate | Unreviewed | CVE-2015-5247 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows...
Moderate | Unreviewed | CVE-2016-1171 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through...
Moderate | Unreviewed | CVE-2016-1175 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse...
Moderate | Unreviewed | CVE-2014-3820 was published May 17, 2022
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly...
Moderate | Unreviewed | CVE-2016-4415 was published May 17, 2022
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before...
Moderate | Unreviewed | CVE-2016-2459 was published May 17, 2022
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote...
Moderate | Unreviewed | CVE-2016-3972 was published May 17, 2022
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote...
Moderate | Unreviewed | CVE-2014-9248 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows...
Moderate | Unreviewed | CVE-2016-1173 was published May 17, 2022
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5...
Moderate | Unreviewed | CVE-2015-7448 was published May 17, 2022
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not...
Moderate | Unreviewed | CVE-2015-3332 was published May 17, 2022
An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial...
Moderate | Unreviewed | CVE-2014-6258 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow...
Moderate | Unreviewed | CVE-2014-6253 was published May 17, 2022
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS...
Moderate | Unreviewed | CVE-2014-8611 was published May 17, 2022
IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x...
Moderate | Unreviewed | CVE-2016-2277 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure...
Moderate | Unreviewed | CVE-2014-3824 was published May 17, 2022
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login...
Moderate | Unreviewed | CVE-2015-0531 was published May 17, 2022
Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes...
Moderate | Unreviewed | CVE-2014-9386 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4...
Moderate | Unreviewed | CVE-2016-1375 was published May 17, 2022
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header...
Moderate | Unreviewed | CVE-2016-2304 was published May 17, 2022
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10...
Moderate | Unreviewed | CVE-2016-0289 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.