GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,644
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
2,269 advisories

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile...
Critical, Unreviewed. CVE-2014-10059 was published May 14, 2022.

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile...
Critical, Unreviewed. CVE-2014-10050 was published May 14, 2022.

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile,...
Critical, Unreviewed. CVE-2014-10053 was published May 14, 2022.

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile,...
High, Unreviewed. CVE-2015-9140 was published May 14, 2022.

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might...
Moderate, Unreviewed. CVE-2014-1399 was published May 14, 2022.

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might...
Moderate, Unreviewed. CVE-2014-1398 was published May 14, 2022.

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow...
Moderate, Unreviewed. CVE-2014-1400 was published May 14, 2022.

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for...
Moderate, Unreviewed. CVE-2016-9645 was published May 14, 2022.

The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1...
High, Unreviewed. CVE-2014-0881 was published May 14, 2022.

IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access...
Moderate, Unreviewed. CVE-2013-6739 was published May 14, 2022.

The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1...
High, Unreviewed. CVE-2013-6272 was published May 14, 2022.

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by...
Critical, Unreviewed. CVE-2014-2048 was published May 14, 2022.

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote...
Critical, Unreviewed. CVE-2016-5239 was published May 14, 2022.

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents...
High, Unreviewed. CVE-2016-9905 was published May 14, 2022.

Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session,...
Moderate, Unreviewed. CVE-2015-3155 was published May 14, 2022.

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct...
High, Unreviewed. CVE-2015-7263 was published May 14, 2022.

Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote...
High, Unreviewed. CVE-2015-7265 was published May 14, 2022.

IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via...
High, Unreviewed. CVE-2013-2972 was published May 14, 2022.

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the...
Moderate, Unreviewed. CVE-2016-4963 was published May 14, 2022.

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5,...
Low, Unreviewed. CVE-2015-1922 was published May 14, 2022.

Improper Access Control in Apache WSS4J
Moderate. CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022.

LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a...
High, Unreviewed. CVE-2014-8757 was published May 14, 2022.

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate...
Moderate, Unreviewed. CVE-2015-1376 was published May 14, 2022.

Improper Access Control in Elasticsearch
High. CVE-2015-1427 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022.

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and...
Moderate, Unreviewed. CVE-2015-3152 was published May 14, 2022.