GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
21,750 advisories
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and...
Critical | Unreviewed | CVE-2015-9216 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and...
Critical | Unreviewed | CVE-2015-9220 was published May 14, 2022

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425...
Critical | Unreviewed | CVE-2016-10454 was published May 14, 2022

** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to...
Critical | Unreviewed | CVE-2018-10682 was published May 14, 2022

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of...
Critical | Unreviewed | CVE-2018-6213 was published May 14, 2022

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9...
Critical | Unreviewed | CVE-2018-10578 was published May 14, 2022

Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an...
Critical | Unreviewed | CVE-2018-6401 was published May 14, 2022

PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php...
Critical | Unreviewed | CVE-2018-11032 was published May 14, 2022

KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login...
Critical | Unreviewed | CVE-2018-10734 was published May 14, 2022

Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via...
Critical | Unreviewed | CVE-2022-42109 was published Nov 29, 2022

A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions:...
Critical | Unreviewed | CVE-2016-10230 was published May 14, 2022

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android....
Critical | Unreviewed | CVE-2016-10298 was published May 14, 2022

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue...
Critical | Unreviewed | CVE-2018-4105 was published May 14, 2022

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0...
Critical | Unreviewed | CVE-2017-6349 was published May 14, 2022

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads,...
Critical | Unreviewed | CVE-2017-7778 was published May 14, 2022

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray...
Critical | Unreviewed | CVE-2016-7417 was published May 14, 2022

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue...
Critical | Unreviewed | CVE-2018-4148 was published May 14, 2022

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500...
Critical | Unreviewed | CVE-2022-36133 was published Nov 25, 2022

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android....
Critical | Unreviewed | CVE-2014-9953 was published May 14, 2022

wger vulnerable to brute force attempts
Critical | CVE-2022-2650 was published for wger (pip) Nov 24, 2022

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android....
Critical | Unreviewed | CVE-2014-9956 was published May 14, 2022

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or...
Critical | Unreviewed | CVE-2015-3991 was published May 14, 2022

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an...
Critical | Unreviewed | CVE-2018-12678 was published May 14, 2022

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android....
Critical | Unreviewed | CVE-2015-9013 was published May 14, 2022

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android....
Critical | Unreviewed | CVE-2014-9959 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.