Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

224,712 advisories

Loading
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote... High Unreviewed
CVE-2008-4743 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a... Moderate Unreviewed
CVE-2008-4710 was published May 17, 2022
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified... High Unreviewed
CVE-2008-4695 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2... Moderate Unreviewed
CVE-2008-4671 was published May 17, 2022
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud... Moderate Unreviewed
CVE-2016-4613 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1... High Unreviewed
CVE-2017-9413 was published May 17, 2022
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0... High Unreviewed
CVE-2017-11590 was published May 17, 2022
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2... Moderate Unreviewed
CVE-2008-4679 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log... Moderate Unreviewed
CVE-2008-4663 was published May 17, 2022
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote... High Unreviewed
CVE-2008-4660 was published May 17, 2022
Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have... High Unreviewed
CVE-2008-4630 was published May 17, 2022
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for... Moderate Unreviewed
CVE-2008-4633 was published May 17, 2022
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute... High Unreviewed
CVE-2017-1318 was published May 17, 2022
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1... High Unreviewed
CVE-2017-11526 was published May 17, 2022
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via... Moderate Unreviewed
CVE-2016-9816 was published May 17, 2022
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that... Moderate Unreviewed
CVE-2016-9377 was published May 17, 2022
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset... High Unreviewed
CVE-2016-9479 was published May 17, 2022
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php... Critical Unreviewed
CVE-2016-7784 was published May 17, 2022
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is... Moderate Unreviewed
CVE-2016-5328 was published May 17, 2022
The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. Moderate Unreviewed
CVE-2021-36761 was published Jun 22, 2022
AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow... High Unreviewed
CVE-2022-23171 was published Jun 22, 2022
Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via... Moderate Unreviewed
CVE-2022-25585 was published Jun 22, 2022
A maliciously crafted PDF file may be used to dereference a pointer for read or write operation... High Unreviewed
CVE-2022-27872 was published Jun 22, 2022
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack... Moderate Unreviewed
CVE-2022-1524 was published Jun 25, 2022
The authentication mechanism used by voters to activate a voting session on the tested version of... Moderate Unreviewed
CVE-2022-1747 was published Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API