GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,260 advisories
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing...
High | Unreviewed | CVE-2018-9488 was published May 13, 2022

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in...
Moderate | Unreviewed | CVE-2018-5520 was published May 13, 2022

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access...
Moderate | Unreviewed | CVE-2018-20685 was published May 13, 2022

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended...
Moderate | Unreviewed | CVE-2018-20147 was published May 13, 2022

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c...
High | Unreviewed | CVE-2018-18955 was published May 13, 2022

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for...
Moderate | Unreviewed | CVE-2018-18397 was published May 13, 2022

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
High | Unreviewed | CVE-2018-16620 was published May 13, 2022

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across...
High | Unreviewed | CVE-2018-12391 was published May 13, 2022

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016...
Moderate | Unreviewed | CVE-2018-0803 was published May 13, 2022

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions...
High | Unreviewed | CVE-2017-8216 was published May 13, 2022

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root...
High | Unreviewed | CVE-2017-5618 was published May 13, 2022

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow...
High | Unreviewed | CVE-2018-0337 was published May 13, 2022

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management...
Moderate | Unreviewed | CVE-2018-15405 was published May 13, 2022

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System ...
High | Unreviewed | CVE-2018-0338 was published May 13, 2022

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center...
Moderate | Unreviewed | CVE-2018-0269 was published May 13, 2022

A vulnerability in the management console of Cisco Firepower System Software could allow an...
Moderate | Unreviewed | CVE-2018-0278 was published May 13, 2022

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly...
High | Unreviewed | CVE-2018-1057 was published May 13, 2022

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through...
Moderate | Unreviewed | CVE-2015-4106 was published May 13, 2022

Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote...
High | Unreviewed | CVE-2018-15640 was published May 13, 2022

A vulnerability in the user account management interface of Cisco NX-OS Software could allow an...
High | Unreviewed | CVE-2019-1604 was published May 13, 2022

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker...
High | Unreviewed | CVE-2019-1603 was published May 13, 2022

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that...
High | Unreviewed | CVE-2019-3827 was published May 13, 2022

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in...
Moderate | Unreviewed | CVE-2018-5741 was published May 13, 2022

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows...
Moderate | Unreviewed | CVE-2018-8927 was published May 13, 2022

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not...
Moderate | Unreviewed | CVE-2014-8109 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.