Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,830 advisories

Loading
Apache Tomcat Allows Source Disclosure Moderate
CVE-2001-0590 was published for org.apache.tomcat:tomcat-servlet-api (Maven) Apr 30, 2022
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server... Moderate Unreviewed
CVE-2000-0876 was published Apr 30, 2022
Jakarta Apache Tomcat Reveals Physical Paths Moderate
CVE-2000-0759 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0... Low Unreviewed
CVE-2000-0649 was published Apr 30, 2022
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by... Moderate Unreviewed
CVE-2000-0588 was published Apr 30, 2022
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain... Low Unreviewed
CVE-2000-0368 was published Apr 30, 2022
Microsoft Java Virtual Machine allows remote attackers to read files via the... Low Unreviewed
CVE-2000-0132 was published Apr 30, 2022
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote... Moderate Unreviewed
CVE-1999-1462 was published Apr 30, 2022
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows... Moderate Unreviewed
CVE-1999-1136 was published Apr 30, 2022
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an... Moderate Unreviewed
CVE-1999-0877 was published Apr 30, 2022
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could... Moderate Unreviewed
CVE-1999-0606 was published Apr 30, 2022
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose... Moderate Unreviewed
CVE-1999-0605 was published Apr 30, 2022
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. Low Unreviewed
CVE-1999-0524 was published Apr 30, 2022
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the... Moderate Unreviewed
CVE-1999-0453 was published Apr 30, 2022
The installer for BackOffice Server includes account names and passwords in a setup file (reboot... Low Unreviewed
CVE-1999-0372 was published Apr 30, 2022
IIS ASP caching problem releases sensitive information when two virtual servers share the same... Moderate Unreviewed
CVE-1999-0348 was published Apr 30, 2022
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. High Unreviewed
CVE-1999-0236 was published Apr 30, 2022
IRIX fam service allows an attacker to obtain a list of all files on the server. High Unreviewed
CVE-1999-0059 was published Apr 30, 2022
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key... High Unreviewed
CVE-2018-10911 was published Apr 30, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various... Critical Unreviewed
CVE-2021-43938 was published Apr 30, 2022
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether... High Unreviewed
CVE-2021-43937 was published Apr 30, 2022
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel.... High Unreviewed
CVE-2022-1353 was published Apr 30, 2022
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows... Moderate Unreviewed
CVE-2004-2766 was published Apr 29, 2022
viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers... Moderate Unreviewed
CVE-2004-2748 was published Apr 29, 2022
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and... Moderate Unreviewed
CVE-2004-2320 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database