GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10,776 advisories
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a...
Low | Unreviewed | CVE-2018-20944 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval...
Low | Unreviewed | CVE-2018-20940 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive...
Low | Unreviewed | CVE-2018-20946 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval...
Low | Unreviewed | CVE-2018-20942 was published May 24, 2022
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC...
Low | Unreviewed | CVE-2017-18384 was published May 24, 2022
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable...
Low | Unreviewed | CVE-2017-18391 was published May 24, 2022
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
Low | Unreviewed | CVE-2017-18397 was published May 24, 2022
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple...
Low | Unreviewed | CVE-2017-18392 was published May 24, 2022
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of...
Low | Unreviewed | CVE-2017-18412 was published May 24, 2022
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC...
Low | Unreviewed | CVE-2017-18422 was published May 24, 2022
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
Low | Unreviewed | CVE-2017-18421 was published May 24, 2022
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
Low | Unreviewed | CVE-2017-18423 was published May 24, 2022
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable...
Low | Unreviewed | CVE-2017-18424 was published May 24, 2022
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
Low | Unreviewed | CVE-2017-18425 was published May 24, 2022
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log...
Low | Unreviewed | CVE-2017-18428 was published May 24, 2022
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
Low | Unreviewed | CVE-2017-18427 was published May 24, 2022
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account...
Low | Unreviewed | CVE-2017-18429 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call ...
Low | Unreviewed | CVE-2017-18436 was published May 24, 2022
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
Low | Unreviewed | CVE-2017-18458 was published May 24, 2022
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang...
Low | Unreviewed | CVE-2016-10772 was published May 24, 2022
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
Low | Unreviewed | CVE-2016-10796 was published May 24, 2022
In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating...
Low | Unreviewed | CVE-2019-10988 was published May 24, 2022
In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE...
Low | Unreviewed | CVE-2018-9581 was published May 24, 2022
In the proc filesystem, there is a possible information disclosure due to log information...
Low | Unreviewed | CVE-2019-9277 was published May 24, 2022
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate...
Low | Unreviewed | CVE-2019-9351 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.