GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
304 advisories
Filter by severity
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2...
Moderate
Unreviewed
CVE-2019-4072
was published
May 24, 2022
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1...
Critical
Unreviewed
CVE-2018-6634
was published
May 24, 2022
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager...
High
Unreviewed
CVE-2022-23669
was published
May 18, 2022
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass...
Critical
Unreviewed
CVE-2014-2595
was published
May 17, 2022
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
High
CVE-2014-5252
was published
for
keystone
(pip)
May 17, 2022
OpenStack Keystone Domain-scoped tokens don't get revoked
High
CVE-2014-5253
was published
for
keystone
(pip)
May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
High
CVE-2014-5251
was published
for
keystone
(pip)
May 17, 2022
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are...
Critical
Unreviewed
CVE-2016-5069
was published
May 17, 2022
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking...
High
Unreviewed
CVE-2017-6529
was published
May 17, 2022
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are...
Moderate
Unreviewed
CVE-2017-1000135
was published
May 17, 2022
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are...
Moderate
Unreviewed
CVE-2017-1000136
was published
May 17, 2022
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and...
High
Unreviewed
CVE-2017-6145
was published
May 17, 2022
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to...
Moderate
Unreviewed
CVE-2017-1693
was published
May 14, 2022
Improper administrator IP validation after his login in the HTTPd server in all current versions ...
High
Unreviewed
CVE-2017-15653
was published
May 14, 2022
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration...
Moderate
Unreviewed
CVE-2018-5438
was published
May 14, 2022
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded)...
Moderate
Unreviewed
CVE-2018-7758
was published
May 14, 2022
Symfony DoS
Moderate
CVE-2018-11386
was published
for
symfony/http-foundation
(Composer)
May 14, 2022
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf...
High
Unreviewed
CVE-2018-1195
was published
May 13, 2022
SimpleSAMLphp Invalid token creation and validation
Moderate
CVE-2017-12867
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 13, 2022
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote...
High
Unreviewed
CVE-2017-11667
was published
May 13, 2022
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
Moderate
Unreviewed
CVE-2017-1000131
was published
May 13, 2022
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive...
Low
Unreviewed
CVE-2016-0234
was published
May 13, 2022
Keycloak CSRF Vulnerability
High
CVE-2017-12159
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared...
High
Unreviewed
CVE-2017-12191
was published
May 13, 2022
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller...
Moderate
Unreviewed
CVE-2017-14007
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API