GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
21,750 advisories
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird...
Critical | Unreviewed | CVE-2017-5429 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile,...
Critical | Unreviewed | CVE-2016-10501 was published May 14, 2022

While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is...
Critical | Unreviewed | CVE-2017-14877 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and...
Critical | Unreviewed | CVE-2016-10421 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile,...
Critical | Unreviewed | CVE-2016-10494 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and...
Critical | Unreviewed | CVE-2016-10448 was published May 14, 2022

While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS...
Critical | Unreviewed | CVE-2017-14881 was published May 14, 2022

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown)...
Critical | Unreviewed | CVE-2018-8823 was published May 14, 2022

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain...
Critical | Unreviewed | CVE-2017-17540 was published May 14, 2022

CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a...
Critical | Unreviewed | CVE-2018-10757 was published May 14, 2022

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList...
Critical | Unreviewed | CVE-2016-5276 was published May 14, 2022

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute...
Critical | Unreviewed | CVE-2014-5014 was published May 14, 2022

Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT...
Critical | Unreviewed | CVE-2018-10723 was published May 14, 2022

A use-after-free vulnerability during XSLT processing due to the result handler being held by a...
Critical | Unreviewed | CVE-2017-5438 was published May 14, 2022

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD...
Critical | Unreviewed | CVE-2017-14913 was published May 14, 2022

A use-after-free vulnerability during XSLT processing due to poor handling of template parameters...
Critical | Unreviewed | CVE-2017-5439 was published May 14, 2022

An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect...
Critical | Unreviewed | CVE-2017-5446 was published May 14, 2022

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of...
Critical | Unreviewed | CVE-2017-5464 was published May 14, 2022

A use-after-free vulnerability occurs when redirecting focus handling which results in a...
Critical | Unreviewed | CVE-2017-5434 was published May 14, 2022

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives....
Critical | Unreviewed | CVE-2017-5443 was published May 14, 2022

In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing...
Critical | Unreviewed | CVE-2017-14915 was published May 14, 2022

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206,...
Critical | Unreviewed | CVE-2017-14912 was published May 14, 2022

Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.
Critical | Unreviewed | CVE-2018-10544 was published May 14, 2022

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by...
Critical | Unreviewed | CVE-2014-2048 was published May 14, 2022

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown)...
Critical | Unreviewed | CVE-2018-8824 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.