GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
113,770 advisories
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username...
Moderate | Unreviewed | CVE-2012-2351 was published May 17, 2022

Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se...
Moderate | Unreviewed | CVE-2015-4414 was published May 17, 2022

epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to...
Moderate | Unreviewed | CVE-2016-6511 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote...
Moderate | Unreviewed | CVE-2016-6204 was published May 17, 2022

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in...
Moderate | Unreviewed | CVE-2016-6156 was published May 17, 2022

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad...
Moderate | Unreviewed | CVE-2010-2101 was published May 17, 2022

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer...
Moderate | Unreviewed | CVE-2010-2531 was published May 17, 2022

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x...
Moderate | Unreviewed | CVE-2010-3710 was published May 17, 2022

The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and...
Moderate | Unreviewed | CVE-2016-5021 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1...
Moderate | Unreviewed | CVE-2015-2941 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1...
Moderate | Unreviewed | CVE-2015-2938 was published May 17, 2022

SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote...
Moderate | Unreviewed | CVE-2015-4609 was published May 17, 2022

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which...
Moderate | Unreviewed | CVE-2015-4518 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows...
Moderate | Unreviewed | CVE-2015-2940 was published May 17, 2022

SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by...
Moderate | Unreviewed | CVE-2016-6149 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0...
Moderate | Unreviewed | CVE-2016-6359 was published May 17, 2022

Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1...
Moderate | Unreviewed | CVE-2016-5977 was published May 17, 2022

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0...
Moderate | Unreviewed | CVE-2016-5991 was published May 17, 2022

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows...
Moderate | Unreviewed | CVE-2015-0810 was published May 17, 2022

EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame...
Moderate | Unreviewed | CVE-2014-4638 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows...
Moderate | Unreviewed | CVE-2016-2994 was published May 17, 2022

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an...
Moderate | Unreviewed | CVE-2016-8224 was published May 17, 2022

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0...
Moderate | Unreviewed | CVE-2016-5954 was published May 17, 2022

The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently...
Moderate | Unreviewed | CVE-2015-2809 was published May 17, 2022

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack...
Moderate | Unreviewed | CVE-2015-1893 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.