GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,653
Erlang: 34
GitHub Actions: 26
Go: 2,261
Maven: 5,000+
npm: 3,910
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
838 advisories
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP...
Critical | Unreviewed | CVE-2016-6501 was published May 17, 2022

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1...
Critical | Unreviewed | CVE-2016-5743 was published May 17, 2022

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10...
Critical | Unreviewed | CVE-2016-6696 was published May 17, 2022

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10...
Critical | Unreviewed | CVE-2016-6693 was published May 17, 2022

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0...
Critical | Unreviewed | CVE-2016-1997 was published May 17, 2022

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and...
Critical | Unreviewed | CVE-2020-20907 was published May 24, 2022

The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver...
Critical | Unreviewed | CVE-2016-0815 was published May 17, 2022

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation,...
Critical | Unreviewed | CVE-2022-31321 was published Aug 2, 2022

HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to...
Critical | Unreviewed | CVE-2016-1998 was published May 17, 2022

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute...
Critical | Unreviewed | CVE-2016-7406 was published May 17, 2022

Improper input validation in Access Control APIs. Access control API may return memory range...
Critical | Unreviewed | CVE-2016-8437 was published May 17, 2022

loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical | CVE-2022-35942 was published for loopback-connector-postgresql (npm) Aug 11, 2022

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An...
Critical | Unreviewed | CVE-2016-7791 was published May 17, 2022

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An...
Critical | Unreviewed | CVE-2016-7790 was published May 17, 2022

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2016-7407 was published May 17, 2022

CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows...
Critical | Unreviewed | CVE-2015-8212 was published May 17, 2022

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to...
Critical | Unreviewed | CVE-2016-9157 was published May 17, 2022

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type,...
Critical | Unreviewed | CVE-2016-6878 was published May 17, 2022

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is...
Critical | Unreviewed | CVE-2016-4899 was published May 17, 2022

Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be...
Critical | Unreviewed | CVE-2017-2989 was published May 17, 2022

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is...
Critical | Unreviewed | CVE-2016-4898 was published May 17, 2022

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename...
Critical | Unreviewed | CVE-2017-5215 was published May 17, 2022

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x...
Critical | Unreviewed | CVE-2017-2773 was published May 17, 2022

PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote...
Critical | Unreviewed | CVE-2014-8705 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.