GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
100,303 advisories
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5...
Moderate | Unreviewed | CVE-2015-1989 was published May 17, 2022
The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000...
Moderate | Unreviewed | CVE-2015-6374 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the...
Moderate | Unreviewed | CVE-2014-8617 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1...
Moderate | Unreviewed | CVE-2015-6373 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote...
Moderate | Unreviewed | CVE-2015-7348 was published May 17, 2022
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability...
Moderate | Unreviewed | CVE-2014-6490 was published May 17, 2022
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality,...
Moderate | Unreviewed | CVE-2014-6470 was published May 17, 2022
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply...
Moderate | Unreviewed | CVE-2014-6498 was published May 17, 2022
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply...
Moderate | Unreviewed | CVE-2014-6533 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2,...
Moderate | Unreviewed | CVE-2014-9033 was published May 17, 2022
The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents,...
Moderate | Unreviewed | CVE-2015-5661 was published May 17, 2022
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect...
Moderate | Unreviewed | CVE-2014-4277 was published May 17, 2022
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1...
Moderate | Unreviewed | CVE-2014-6462 was published May 17, 2022
Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1...
Moderate | Unreviewed | CVE-2014-6461 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10...
Moderate | Unreviewed | CVE-2014-2712 was published May 17, 2022
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to...
Moderate | Unreviewed | CVE-2015-7718 was published May 17, 2022
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated...
Moderate | Unreviewed | CVE-2015-5648 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security...
Moderate | Unreviewed | CVE-2013-3396 was published May 17, 2022
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server ...
Moderate | Unreviewed | CVE-2014-0774 was published May 17, 2022
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and...
Moderate | Unreviewed | CVE-2013-6975 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and...
Moderate | Unreviewed | CVE-2015-6493 was published May 17, 2022
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003...
Moderate | Unreviewed | CVE-2015-6491 was published May 17, 2022
Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes...
Moderate | Unreviewed | CVE-2015-3973 was published May 17, 2022
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive...
Moderate | Unreviewed | CVE-2015-8074 was published May 17, 2022
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain...
Moderate | Unreviewed | CVE-2015-3270 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.