Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,269 advisories

Loading
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile... Critical Unreviewed
CVE-2014-10059 was published May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile... Critical Unreviewed
CVE-2014-10050 was published May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile,... Critical Unreviewed
CVE-2014-10053 was published May 14, 2022
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile,... High Unreviewed
CVE-2015-9140 was published May 14, 2022
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might... Moderate Unreviewed
CVE-2014-1399 was published May 14, 2022
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might... Moderate Unreviewed
CVE-2014-1398 was published May 14, 2022
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow... Moderate Unreviewed
CVE-2014-1400 was published May 14, 2022
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for... Moderate Unreviewed
CVE-2016-9645 was published May 14, 2022
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1... High Unreviewed
CVE-2014-0881 was published May 14, 2022
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access... Moderate Unreviewed
CVE-2013-6739 was published May 14, 2022
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1... High Unreviewed
CVE-2013-6272 was published May 14, 2022
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by... Critical Unreviewed
CVE-2014-2048 was published May 14, 2022
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote... Critical Unreviewed
CVE-2016-5239 was published May 14, 2022
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents... High Unreviewed
CVE-2016-9905 was published May 14, 2022
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session,... Moderate Unreviewed
CVE-2015-3155 was published May 14, 2022
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct... High Unreviewed
CVE-2015-7263 was published May 14, 2022
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote... High Unreviewed
CVE-2015-7265 was published May 14, 2022
IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via... High Unreviewed
CVE-2013-2972 was published May 14, 2022
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the... Moderate Unreviewed
CVE-2016-4963 was published May 14, 2022
The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5,... Low Unreviewed
CVE-2015-1922 was published May 14, 2022
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a... High Unreviewed
CVE-2014-8757 was published May 14, 2022
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate... Moderate Unreviewed
CVE-2015-1376 was published May 14, 2022
Improper Access Control in Elasticsearch High
CVE-2015-1427 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and... Moderate Unreviewed
CVE-2015-3152 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database