GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
242,075 advisories
An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user...
Moderate
Unreviewed
CVE-2021-40654 was published May 24, 2022
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4...
High
Unreviewed
CVE-2021-34415 was published May 24, 2022
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and...
Moderate
Unreviewed
CVE-2017-0060 was published May 17, 2022
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust...
Moderate
Unreviewed
CVE-2021-35492 was published May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number...
High
Unreviewed
CVE-2021-41829 was published May 24, 2022
In system properties, there is a possible information disclosure due to a missing permission...
Moderate
Unreviewed
CVE-2021-0680 was published May 24, 2022
MikroTik RouterOS before 6.44.6 (long-term tree) suffers from an uncontrolled resource...
Moderate
Unreviewed
CVE-2020-20221 was published May 24, 2022
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the...
Moderate
Unreviewed
CVE-2021-25809 was published May 24, 2022
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of...
Moderate
Unreviewed
CVE-2021-22397 was published May 24, 2022
A command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2...
Critical
Unreviewed
CVE-2020-21937 was published May 24, 2022
In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's...
Moderate
Unreviewed
CVE-2021-39891 was published May 24, 2022
Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider...
Moderate
Unreviewed
CVE-2008-7035 was published May 17, 2022
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a...
Moderate
Unreviewed
CVE-2008-7008 was published May 17, 2022
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote...
Moderate
Unreviewed
CVE-2008-7016 was published May 17, 2022
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to...
High
Unreviewed
CVE-2008-6968 was published May 17, 2022
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary...
High
Unreviewed
CVE-2008-6937 was published May 17, 2022
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...
High
Unreviewed
CVE-2017-0103 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12...
Moderate
Unreviewed
CVE-2016-3195 was published May 17, 2022
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1...
High
Unreviewed
CVE-2017-0089 was published May 17, 2022
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT...
Moderate
Unreviewed
CVE-2016-5268 was published May 17, 2022
VMware Photon OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys...
Critical
Unreviewed
CVE-2016-5333 was published May 17, 2022
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary...
Moderate
Unreviewed
CVE-2016-5253 was published May 17, 2022
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x...
Moderate
Unreviewed
CVE-2016-2960 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2...
Moderate
Unreviewed
CVE-2016-4170 was published May 17, 2022
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow,...
Critical
Unreviewed
CVE-2016-7134 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.