GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,176
Erlang: 30
GitHub Actions: 19
Go: 1,982
Maven: 5,000+
npm: 3,701
NuGet: 656
pip: 3,323
Pub: 11
RubyGems: 882
Rust: 834
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
99,010 advisories
The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA...
High | Unreviewed | CVE-2016-1496 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS...
High | Unreviewed | CVE-2016-1172 was published May 17, 2022
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the...
High | Unreviewed | CVE-2016-0871 was published May 17, 2022
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier...
High | Unreviewed | CVE-2015-8400 was published May 17, 2022
IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0...
High | Unreviewed | CVE-2015-5042 was published May 17, 2022
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to...
High | Unreviewed | CVE-2015-8483 was published May 17, 2022
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before...
High | Unreviewed | CVE-2015-4988 was published May 17, 2022
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows...
High | Unreviewed | CVE-2016-0807 was published May 17, 2022
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a...
High | Unreviewed | CVE-2016-0867 was published May 17, 2022
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile...
High | Unreviewed | CVE-2015-2875 was published May 17, 2022
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total...
High | Unreviewed | CVE-2015-8773 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962...
High | Unreviewed | CVE-2015-7678 was published May 17, 2022
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50...
High | Unreviewed | CVE-2015-5994 was published May 17, 2022
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via...
High | Unreviewed | CVE-2016-0853 was published May 17, 2022
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users...
High | Unreviewed | CVE-2016-0869 was published May 17, 2022
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not...
High | Unreviewed | CVE-2015-0532 was published May 17, 2022
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to...
High | Unreviewed | CVE-2015-0538 was published May 17, 2022
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified...
High | Unreviewed | CVE-2016-2272 was published May 17, 2022
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O,...
High | Unreviewed | CVE-2015-0984 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows...
High | Unreviewed | CVE-2016-1139 was published May 17, 2022
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read...
High | Unreviewed | CVE-2016-2289 was published May 17, 2022
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative...
High | Unreviewed | CVE-2016-0852 was published May 17, 2022
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch...
High | Unreviewed | CVE-2016-1233 was published May 17, 2022
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and...
High | Unreviewed | CVE-2015-7430 was published May 17, 2022
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which...
High | Unreviewed | CVE-2014-6261 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.