GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
240 advisories
Filter by severity
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to...
Critical
Unreviewed
CVE-2016-9412
was published
May 17, 2022
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that...
Critical
Unreviewed
CVE-2016-6095
was published
May 17, 2022
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite ...
Critical
Unreviewed
CVE-2016-8325
was published
May 17, 2022
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate...
Critical
Unreviewed
CVE-2016-5964
was published
May 17, 2022
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload...
Critical
Unreviewed
CVE-2016-8938
was published
May 17, 2022
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to...
Critical
Unreviewed
CVE-2016-9005
was published
May 17, 2022
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX...
Critical
Unreviewed
CVE-2016-5815
was published
May 17, 2022
Cougar-LG stores sensitive information under the web root with insufficient access control, which...
Critical
Unreviewed
CVE-2014-3928
was published
May 17, 2022
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors...
Critical
Unreviewed
CVE-2016-6143
was published
May 17, 2022
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values,...
Critical
Unreviewed
CVE-2016-8584
was published
May 17, 2022
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites...
Critical
Unreviewed
CVE-2015-2692
was published
May 17, 2022
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743...
Critical
Unreviewed
CVE-2016-5144
was published
May 17, 2022
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote...
Critical
Unreviewed
CVE-2016-8418
was published
May 17, 2022
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle...
Critical
Unreviewed
CVE-2016-5605
was published
May 17, 2022
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files...
Critical
Unreviewed
CVE-2016-8565
was published
May 17, 2022
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875...
Critical
Unreviewed
CVE-2016-4694
was published
May 17, 2022
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006...
Critical
Unreviewed
CVE-2016-6958
was published
May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to...
Critical
Unreviewed
CVE-2016-10382
was published
May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability...
Critical
Unreviewed
CVE-2015-9040
was published
May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability...
Critical
Unreviewed
CVE-2015-9047
was published
May 17, 2022
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM...
Critical
Unreviewed
CVE-2016-8580
was published
May 17, 2022
Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute...
Critical
Unreviewed
CVE-2014-9513
was published
May 17, 2022
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the ...
Critical
Unreviewed
CVE-2014-9148
was published
May 17, 2022
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a...
Critical
Unreviewed
CVE-2016-10144
was published
May 17, 2022
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by...
Critical
Unreviewed
CVE-2014-3624
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API