Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

690 advisories

Loading
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing... Moderate Unreviewed
CVE-2018-1736 was published May 13, 2022
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker... Moderate Unreviewed
CVE-2018-1875 was published May 13, 2022
IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open... Moderate Unreviewed
CVE-2018-1939 was published May 13, 2022
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL... Moderate Unreviewed
CVE-2018-7674 was published May 13, 2022
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote... Moderate Unreviewed
CVE-2018-8913 was published May 13, 2022
An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the... Moderate Unreviewed
CVE-2019-3912 was published May 13, 2022
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to... Moderate Unreviewed
CVE-2017-5614 was published May 13, 2022
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers... Moderate Unreviewed
CVE-2018-19796 was published May 13, 2022
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and... Moderate Unreviewed
CVE-2018-14366 was published May 13, 2022
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote... Moderate Unreviewed
CVE-2017-2217 was published May 13, 2022
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana... Moderate Unreviewed
CVE-2017-11482 was published May 13, 2022
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An... Moderate Unreviewed
CVE-2019-0540 was published May 13, 2022
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login... Moderate Unreviewed
CVE-2018-20698 was published May 13, 2022
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013... Moderate Unreviewed
CVE-2018-0924 was published May 13, 2022
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions... Moderate Unreviewed
CVE-2018-3819 was published May 13, 2022
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an... Moderate Unreviewed
CVE-2016-10365 was published May 13, 2022
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the... Moderate Unreviewed
CVE-2017-8451 was published May 13, 2022
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open... Moderate Unreviewed
CVE-2018-1000671 was published May 13, 2022
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3... Moderate Unreviewed
CVE-2016-10742 was published May 13, 2022
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. Moderate Unreviewed
CVE-2018-7692 was published May 13, 2022
Jive before 2016.3.1 has an open redirect from the external-link.jspa page. Moderate Unreviewed
CVE-2016-4334 was published May 13, 2022
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10... Moderate Unreviewed
CVE-2016-9099 was published May 13, 2022
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before... Moderate Unreviewed
CVE-2016-6636 was published May 13, 2022
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all... Moderate Unreviewed
CVE-2017-8047 was published May 13, 2022
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or... Moderate Unreviewed
CVE-2015-3190 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database