Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,622 advisories

Loading
Concrete CMS Stored XSS in the Search Field Low
CVE-2024-3181 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored XSS in blocks of type file Low
CVE-2024-3180 was published for concrete5/concrete5 (Composer) Apr 3, 2024
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which... Low Unreviewed
CVE-2002-2000 was published Apr 23, 2022
ruby193 uses an insecure LD_LIBRARY_PATH setting. Low Unreviewed
CVE-2013-1945 was published May 5, 2022
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that... Low Unreviewed
CVE-2018-2005 was published May 24, 2022
Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read... Low Unreviewed
CVE-2019-5296 was published May 24, 2022
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user... Low Unreviewed
CVE-2019-0307 was published May 24, 2022
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange... Low Unreviewed
CVE-2019-10155 was published May 24, 2022
An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the... Low Unreviewed
CVE-2018-10947 was published May 24, 2022
Logic condition in specific microprocessors may allow an authenticated user to potentially enable... Low Unreviewed
CVE-2019-0174 was published May 24, 2022
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial... Low Unreviewed
CVE-2019-13232 was published May 24, 2022
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish... Low Unreviewed
CVE-2019-1010310 was published May 24, 2022
IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt... Low Unreviewed
CVE-2019-1010208 was published May 24, 2022
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories... Low Unreviewed
CVE-2018-20894 was published May 24, 2022
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation... Low Unreviewed
CVE-2018-20897 was published May 24, 2022
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). Low Unreviewed
CVE-2018-20896 was published May 24, 2022
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). Low Unreviewed
CVE-2018-20927 was published May 24, 2022
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by... Low Unreviewed
CVE-2018-20939 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval... Low Unreviewed
CVE-2018-20943 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a... Low Unreviewed
CVE-2018-20944 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval... Low Unreviewed
CVE-2018-20940 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive... Low Unreviewed
CVE-2018-20946 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval... Low Unreviewed
CVE-2018-20942 was published May 24, 2022
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC... Low Unreviewed
CVE-2017-18384 was published May 24, 2022
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable... Low Unreviewed
CVE-2017-18391 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API