Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

803 advisories

Loading
opendnssec misuses libcurl API Critical Unreviewed
CVE-2012-5582 was published Apr 23, 2022
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code... Critical Unreviewed
CVE-2022-29499 was published Apr 27, 2022
Improper Input Validation in httpx Critical
CVE-2021-41945 was published for httpx (pip) Apr 29, 2022
lebr0nli Bibo-Joshi
AngellusMortis marcoaaguiar br3ndonland
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2... Critical Unreviewed
CVE-2022-28054 was published May 3, 2022
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. Critical Unreviewed
CVE-2013-7483 was published May 5, 2022
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service... Critical Unreviewed
CVE-2013-1910 was published May 5, 2022
Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview Critical Unreviewed
CVE-2013-2259 was published May 5, 2022
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php... Critical Unreviewed
CVE-2013-2093 was published May 5, 2022
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable... Critical Unreviewed
CVE-2013-7171 was published May 5, 2022
PDFKit Improper Input Validation vulnerability Critical
CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022
Tenant and Verifier might not use the same registrar data Critical
CVE-2022-1053 was published for keylime (pip) May 5, 2022
THS-on
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute... Critical Unreviewed
CVE-2022-29897 was published May 12, 2022
Remote code execution in PATCH requests in Spring Data REST Critical
CVE-2017-8046 was published for org.springframework.data:spring-data-rest-core (Maven) May 13, 2022
Improper Input Validation in JGroups Critical
CVE-2016-2141 was published for org.jgroups:jgroups (Maven) May 13, 2022
sharonbz
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... Critical Unreviewed
CVE-2018-7231 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... Critical Unreviewed
CVE-2018-7232 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... Critical Unreviewed
CVE-2018-7233 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... Critical Unreviewed
CVE-2018-7237 was published May 13, 2022
The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x... Critical Unreviewed
CVE-2016-2786 was published May 13, 2022
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote... Critical Unreviewed
CVE-2015-7705 was published May 13, 2022
EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code... Critical Unreviewed
CVE-2017-4997 was published May 13, 2022
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary... Critical Unreviewed
CVE-2017-9034 was published May 13, 2022
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system... Critical Unreviewed
CVE-2018-1000533 was published May 13, 2022
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows... Critical Unreviewed
CVE-2016-0889 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API