Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,622 advisories

Loading
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x... Low Unreviewed
CVE-2015-2108 was published May 17, 2022
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality... Low Unreviewed
CVE-2016-0618 was published May 17, 2022
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1... Low Unreviewed
CVE-2012-6150 was published May 17, 2022
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within... Low Unreviewed
CVE-2015-3756 was published May 17, 2022
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows... Low Unreviewed
CVE-2013-5770 was published May 17, 2022
Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated... Low Unreviewed
CVE-2013-5793 was published May 17, 2022
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other... Low Unreviewed
CVE-2013-4375 was published May 17, 2022
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect... Low Unreviewed
CVE-2016-0601 was published May 17, 2022
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3... Low Unreviewed
CVE-2016-0405 was published May 17, 2022
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote... Low Unreviewed
CVE-2014-0875 was published May 17, 2022
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict... Low Unreviewed
CVE-2014-4039 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6... Low Unreviewed
CVE-2015-0122 was published May 17, 2022
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled,... Low Unreviewed
CVE-2015-3785 was published May 17, 2022
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain... Low Unreviewed
CVE-2015-5854 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0... Low Unreviewed
CVE-2013-4995 was published May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component... Low Unreviewed
CVE-2013-5951 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting... Low Unreviewed
CVE-2014-8960 was published May 17, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c... Low Unreviewed
CVE-2020-24349 was published May 24, 2022
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36... Low Unreviewed
CVE-2015-3921 was published May 17, 2022
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows... Low Unreviewed
CVE-2020-10453 was published May 24, 2022
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. Low Unreviewed
CVE-2020-10977 was published May 24, 2022
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure,... Low Unreviewed
CVE-2015-5863 was published May 17, 2022
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does... Low Unreviewed
CVE-2015-5851 was published May 17, 2022
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates... Low Unreviewed
CVE-2014-9506 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API