Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,298
Erlang
31
GitHub Actions
21
Go
2,063
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
876
Swift
36
Unreviewed advisories
All unreviewed
5,000+

285 advisories

Loading
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP... Moderate Unreviewed
CVE-2021-27861 was published Sep 28, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP... Moderate Unreviewed
CVE-2021-27862 was published Sep 28, 2022
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the... Moderate Unreviewed
CVE-2022-38712 was published Nov 4, 2022
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. High Unreviewed
CVE-2018-15588 was published May 13, 2022
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by... High Unreviewed
CVE-2017-8422 was published May 13, 2022
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and... High Unreviewed
CVE-2017-6405 was published May 13, 2022
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2... High Unreviewed
CVE-2017-18190 was published May 13, 2022
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by... Critical Unreviewed
CVE-2017-14487 was published May 13, 2022
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier... High Unreviewed
CVE-2017-11717 was published May 13, 2022
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing... High Unreviewed
CVE-2022-42983 was published Oct 17, 2022
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could... Moderate Unreviewed
CVE-2018-3829 was published May 13, 2022
HTTP Method Spoofing High
CVE-2021-43807 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
lkiesow
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka... Moderate Unreviewed
CVE-2018-8425 was published May 13, 2022
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7... High Unreviewed
CVE-2019-0283 was published May 13, 2022
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka... Moderate Unreviewed
CVE-2018-8388 was published May 13, 2022
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka... Moderate Unreviewed
CVE-2018-8278 was published May 13, 2022
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails... Moderate Unreviewed
CVE-2018-8153 was published May 13, 2022
Authentication Bypass in dex Critical
CVE-2020-27847 was published for github.com/dexidp/dex (Go) Dec 20, 2021
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka ... Moderate Unreviewed
CVE-2018-8383 was published May 13, 2022
SAML authentication vulnerability due to stdlib XML parsing High
CVE-2020-26276 was published for github.com/fleetdm/fleet/v4 (Go) Feb 11, 2022
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2... High Unreviewed
CVE-2018-12331 was published May 13, 2022
Authentication Bypass High
CVE-2021-29441 was published for com.alibaba.nacos:nacos-common (Maven) Apr 27, 2021
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a... Moderate Unreviewed
CVE-2018-1695 was published May 13, 2022
Token verification bug in next-auth Low
CVE-2021-21310 was published for next-auth (npm) Feb 11, 2021
AlessandroA balazsorban44
iaincollins
Authentication Bypass in Apache Cassandra High
CVE-2020-17516 was published for org.apache.cassandra:cassandra-all (Maven) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database