GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
613 advisories
In Framework, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39756 | published Mar 31, 2022

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate | Unreviewed | CVE-2021-39745 | published Mar 31, 2022

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate | Unreviewed | CVE-2021-39744 | published Mar 31, 2022

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due...
Moderate | Unreviewed | CVE-2022-22356 | published Apr 6, 2022

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local...
Moderate | Unreviewed | CVE-2022-1318 | published Apr 21, 2022

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an...
Moderate | Unreviewed | CVE-2003-0190 | published Apr 29, 2022

Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a...
Moderate | Unreviewed | CVE-2003-0637 | published Apr 29, 2022

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if...
Moderate | Unreviewed | CVE-2004-0243 | published Apr 29, 2022

YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it...
Moderate | Unreviewed | CVE-2004-0294 | published Apr 29, 2022

CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the...
Moderate | Unreviewed | CVE-2004-0778 | published Apr 29, 2022

ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of...
Moderate | Unreviewed | CVE-2004-1428 | published Apr 29, 2022

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given...
Moderate | Unreviewed | CVE-2004-1602 | published Apr 29, 2022

Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and...
Moderate | Unreviewed | CVE-2004-2150 | published Apr 29, 2022

The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which...
Moderate | Unreviewed | CVE-2004-2252 | published Apr 29, 2022

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client...
Moderate | Unreviewed | CVE-2000-1117 | published Apr 30, 2022

iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "...
Low | Unreviewed | CVE-2001-1387 | published Apr 30, 2022

One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine...
Moderate | Unreviewed | CVE-2001-1483 | published Apr 30, 2022

AmTote International homebet program returns different error messages when invalid account...
Moderate | Unreviewed | CVE-2001-1528 | published Apr 30, 2022

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in...
Moderate | Unreviewed | CVE-2002-0208 | published Apr 30, 2022

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows...
Moderate | Unreviewed | CVE-2002-0514 | published Apr 30, 2022

IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is...
Moderate | Unreviewed | CVE-2002-0515 | published Apr 30, 2022

Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root...
Moderate | Unreviewed | CVE-2002-2094 | published Apr 30, 2022

The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet...
Moderate | Unreviewed | CVE-2005-0918 | published May 1, 2022

The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error...
High | Unreviewed | CVE-2005-1650 | published May 1, 2022

Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
High | CVE-2007-6721 | published for bouncycastle:bcprov-jdk14 (Maven) | May 1, 2022