GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10,622 advisories
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x...
Low, Unreviewed, CVE-2015-2108 was published May 17, 2022

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality...
Low, Unreviewed, CVE-2016-0618 was published May 17, 2022

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1...
Low, Unreviewed, CVE-2012-6150 was published May 17, 2022

The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within...
Low, Unreviewed, CVE-2015-3756 was published May 17, 2022

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows...
Low, Unreviewed, CVE-2013-5770 was published May 17, 2022

Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated...
Low, Unreviewed, CVE-2013-5793 was published May 17, 2022

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other...
Low, Unreviewed, CVE-2013-4375 was published May 17, 2022

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect...
Low, Unreviewed, CVE-2016-0601 was published May 17, 2022

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3...
Low, Unreviewed, CVE-2016-0405 was published May 17, 2022

Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote...
Low, Unreviewed, CVE-2014-0875 was published May 17, 2022

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict...
Low, Unreviewed, CVE-2014-4039 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6...
Low, Unreviewed, CVE-2015-0122 was published May 17, 2022

The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled,...
Low, Unreviewed, CVE-2015-3785 was published May 17, 2022

The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain...
Low, Unreviewed, CVE-2015-5854 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0...
Low, Unreviewed, CVE-2013-4995 was published May 17, 2022

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component...
Low, Unreviewed, CVE-2013-5951 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting...
Low, Unreviewed, CVE-2014-8960 was published May 17, 2022

next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low, CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c...
Low, Unreviewed, CVE-2020-24349 was published May 24, 2022

Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36...
Low, Unreviewed, CVE-2015-3921 was published May 17, 2022

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows...
Low, Unreviewed, CVE-2020-10453 was published May 24, 2022

GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
Low, Unreviewed, CVE-2020-10977 was published May 24, 2022

IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure,...
Low, Unreviewed, CVE-2015-5863 was published May 17, 2022

The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does...
Low, Unreviewed, CVE-2015-5851 was published May 17, 2022

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates...
Low, Unreviewed, CVE-2014-9506 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.