Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

175 advisories

Loading
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext... Critical Unreviewed
CVE-2018-20839 was published May 24, 2022
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password... Critical Unreviewed
CVE-2019-11403 was published May 24, 2022
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded... Critical Unreviewed
CVE-2016-4521 was published May 17, 2022
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain... Critical Unreviewed
CVE-2016-2298 was published May 17, 2022
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006... Critical Unreviewed
CVE-2016-1112 was published May 17, 2022
eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests... Critical Unreviewed
CVE-2015-7926 was published May 17, 2022
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to... Critical Unreviewed
CVE-2016-10105 was published May 17, 2022
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x... Critical Unreviewed
CVE-2016-9885 was published May 17, 2022
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An... Critical Unreviewed
CVE-2017-5166 was published May 17, 2022
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to... Critical Unreviewed
CVE-2017-6070 was published May 17, 2022
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white... Critical Unreviewed
CVE-2017-5674 was published May 17, 2022
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2... Critical Unreviewed
CVE-2016-5757 was published May 17, 2022
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and... Critical Unreviewed
CVE-2015-5729 was published May 17, 2022
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the... Critical Unreviewed
CVE-2017-7575 was published May 17, 2022
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and... Critical Unreviewed
CVE-2016-1557 was published May 17, 2022
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames,... Critical Unreviewed
CVE-2015-7247 was published May 17, 2022
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation,... Critical Unreviewed
CVE-2016-5006 was published May 17, 2022
An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root... Critical Unreviewed
CVE-2017-7317 was published May 17, 2022
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the... Critical Unreviewed
CVE-2017-6708 was published May 17, 2022
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request... Critical Unreviewed
CVE-2017-11502 was published May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Critical
CVE-2017-1000362 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233... Critical Unreviewed
CVE-2016-0903 was published May 17, 2022
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community,... Critical Unreviewed
CVE-2016-1473 was published May 17, 2022
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and... Critical Unreviewed
CVE-2017-11165 was published May 17, 2022
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error... Critical Unreviewed
CVE-2010-3845 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API