GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,370
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,749
Maven 4,978
npm 3,509
NuGet 609
pip 3,084
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,313

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

175 advisories

Filter by severity

Sort by

Least recently updated

salt password information leaked in debug logs Critical

CVE-2015-6941 was published for salt (pip) May 17, 2022

Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of... Critical Unreviewed

CVE-2017-5496 was published May 17, 2022

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the ... Critical Unreviewed

CVE-2016-10175 was published May 17, 2022

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to... Critical Unreviewed

CVE-2015-5959 was published May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Critical

CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) May 17, 2022

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive... Critical Unreviewed

CVE-2017-14269 was published May 17, 2022

eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP... Critical Unreviewed

CVE-2014-8174 was published May 17, 2022

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc... Critical Unreviewed

CVE-2015-5284 was published May 17, 2022

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially... Critical Unreviewed

CVE-2017-9393 was published May 17, 2022

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via... Critical Unreviewed

CVE-2015-8707 was published May 17, 2022

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains... Critical Unreviewed

CVE-2017-13701 was published May 17, 2022

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows... Critical Unreviewed

CVE-2017-13664 was published May 17, 2022

An information disclosure vulnerability in the Android media framework (n/a). Product: Android.... Critical Unreviewed

CVE-2017-13149 was published May 17, 2022

An information disclosure vulnerability in the Android media framework (n/a). Product: Android.... Critical Unreviewed

CVE-2017-13150 was published May 17, 2022

An information disclosure vulnerability in the Android media framework (n/a). Product: Android.... Critical Unreviewed

CVE-2017-0879 was published May 17, 2022

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. Critical Unreviewed

CVE-2017-17735 was published May 14, 2022

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. Critical Unreviewed

CVE-2017-17734 was published May 14, 2022

Exposure of Sensitive Information in Jenkins Core Critical

CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

CPEs used by subscribers on the access network receive their individual configuration settings... Critical Unreviewed

CVE-2017-6094 was published May 14, 2022

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access... Critical Unreviewed

CVE-2018-3813 was published May 14, 2022

An information disclosure vulnerability in the Android media framework (libavc). Product: Android... Critical Unreviewed

CVE-2017-13204 was published May 14, 2022

An information disclosure vulnerability in the Android media framework (aac). Product: Android.... Critical Unreviewed

CVE-2017-13188 was published May 14, 2022

An information disclosure vulnerability in the Android media framework (libavc). Product: Android... Critical Unreviewed

CVE-2017-13203 was published May 14, 2022

An information disclosure vulnerability in the Android media framework (libhevc). Product:... Critical Unreviewed

CVE-2017-13185 was published May 14, 2022

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the... Critical Unreviewed

CVE-2017-11079 was published May 14, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

175 advisories