GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
10,622 advisories
Concrete CMS Stored XSS in the Search Field
Low | CVE-2024-3181 was published for concrete5/concrete5 (Composer) | Apr 3, 2024

Concrete CMS Stored XSS in blocks of type file
Low | CVE-2024-3180 was published for concrete5/concrete5 (Composer) | Apr 3, 2024

ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which...
Low | Unreviewed | CVE-2002-2000 was published | Apr 23, 2022

ruby193 uses an insecure LD_LIBRARY_PATH setting.
Low | Unreviewed | CVE-2013-1945 was published | May 5, 2022

IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that...
Low | Unreviewed | CVE-2018-2005 was published | May 24, 2022

Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read...
Low | Unreviewed | CVE-2019-5296 was published | May 24, 2022

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user...
Low | Unreviewed | CVE-2019-0307 was published | May 24, 2022

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange...
Low | Unreviewed | CVE-2019-10155 was published | May 24, 2022

An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the...
Low | Unreviewed | CVE-2018-10947 was published | May 24, 2022

Logic condition in specific microprocessors may allow an authenticated user to potentially enable...
Low | Unreviewed | CVE-2019-0174 was published | May 24, 2022

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial...
Low | Unreviewed | CVE-2019-13232 was published | May 24, 2022

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish...
Low | Unreviewed | CVE-2019-1010310 was published | May 24, 2022

IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt...
Low | Unreviewed | CVE-2019-1010208 was published | May 24, 2022

cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories...
Low | Unreviewed | CVE-2018-20894 was published | May 24, 2022

cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation...
Low | Unreviewed | CVE-2018-20897 was published | May 24, 2022

cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
Low | Unreviewed | CVE-2018-20896 was published | May 24, 2022

cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
Low | Unreviewed | CVE-2018-20927 was published | May 24, 2022

cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by...
Low | Unreviewed | CVE-2018-20939 was published | May 24, 2022

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval...
Low | Unreviewed | CVE-2018-20943 was published | May 24, 2022

cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a...
Low | Unreviewed | CVE-2018-20944 was published | May 24, 2022

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval...
Low | Unreviewed | CVE-2018-20940 was published | May 24, 2022

cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive...
Low | Unreviewed | CVE-2018-20946 was published | May 24, 2022

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval...
Low | Unreviewed | CVE-2018-20942 was published | May 24, 2022

cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC...
Low | Unreviewed | CVE-2017-18384 was published | May 24, 2022

cPanel before 68.0.15 allows attackers to read backup files because they are world-readable...
Low | Unreviewed | CVE-2017-18391 was published | May 24, 2022

ProTip! Advisories are also available from the GraphQL API.