GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
111,005 advisories
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote...
Moderate | Unreviewed | CVE-2016-7108 was published May 17, 2022

The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass...
Moderate | Unreviewed | CVE-2014-3295 was published May 17, 2022

The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications...
Moderate | Unreviewed | CVE-2015-6410 was published May 17, 2022

Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface...
Moderate | Unreviewed | CVE-2015-6365 was published May 17, 2022

Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated...
Moderate | Unreviewed | CVE-2015-6413 was published May 17, 2022

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise...
Moderate | Unreviewed | CVE-2015-2071 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows...
Moderate | Unreviewed | CVE-2014-4304 was published May 17, 2022

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7...
Moderate | Unreviewed | CVE-2014-0159 was published May 17, 2022

Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and...
Moderate | Unreviewed | CVE-2015-6351 was published May 17, 2022

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006...
Moderate | Unreviewed | CVE-2016-0317 was published May 17, 2022

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006...
Moderate | Unreviewed | CVE-2016-0318 was published May 17, 2022

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain...
Moderate | Unreviewed | CVE-2014-3277 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4...
Moderate | Unreviewed | CVE-2014-3267 was published May 17, 2022

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers...
Moderate | Unreviewed | CVE-2014-8601 was published May 17, 2022

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables...
Moderate | Unreviewed | CVE-2013-4135 was published May 17, 2022

HPE Insight Control server deployment allows remote attackers to modify data via unspecified...
Moderate | Unreviewed | CVE-2016-4363 was published May 17, 2022

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to...
Moderate | Unreviewed | CVE-2014-2121 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20...
Moderate | Unreviewed | CVE-2014-9517 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual...
Moderate | Unreviewed | CVE-2014-3922 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users...
Moderate | Unreviewed | CVE-2015-5399 was published May 17, 2022

IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access...
Moderate | Unreviewed | CVE-2015-4997 was published May 17, 2022

PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a...
Moderate | Unreviewed | CVE-2015-5311 was published May 17, 2022

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for...
Moderate | Unreviewed | CVE-2015-6352 was published May 17, 2022

drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate...
Moderate | Unreviewed | CVE-2015-5257 was published May 17, 2022

SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows...
Moderate | Unreviewed | CVE-2015-6350 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.