GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories:
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35

Unreviewed advisories:
All unreviewed: 5,000+
387 advisories
** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2...
CVE-2017-8804 was published May 13, 2022 (High, Unreviewed)

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize...
CVE-2018-15576 was published May 13, 2022 (High, Unreviewed)

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus'...
CVE-2018-18589 was published May 13, 2022 (High, Unreviewed)

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class...
CVE-2019-9056 was published May 13, 2022 (High, Unreviewed)

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files...
CVE-2019-9055 was published May 13, 2022 (High, Unreviewed)

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action...
CVE-2019-9061 was published May 13, 2022 (High, Unreviewed)

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to...
CVE-2019-9057 was published May 13, 2022 (High, Unreviewed)

The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize...
CVE-2010-3258 was published May 13, 2022 (High, Unreviewed)

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting...
CVE-2017-1000195 was published May 13, 2022 (High, Unreviewed)

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS...
CVE-2010-4574 was published May 13, 2022 (High, Unreviewed)

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0...
CVE-2017-14141 was published May 13, 2022 (High, Unreviewed)

A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017...
CVE-2018-7529 was published May 13, 2022 (High, Unreviewed)

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach...
CVE-2018-12539 was published May 13, 2022 (High, Unreviewed)

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version...
CVE-2017-3201 was published May 13, 2022 (High, Unreviewed)

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x,...
CVE-2016-8648 was published May 13, 2022 (High, Unreviewed)

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray...
CVE-2016-0750 was published May 13, 2022 (High, Unreviewed)

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product:...
CVE-2017-0806 was published May 13, 2022 (High, Unreviewed)

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
CVE-2017-1000148 was published May 13, 2022 (High, Unreviewed)

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0,...
CVE-2017-10803 was published May 13, 2022 (High, Unreviewed)

In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due...
CVE-2017-13286 was published May 13, 2022 (High, Unreviewed)

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that...
CVE-2017-7293 was published May 13, 2022 (High, Unreviewed)

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE...
CVE-2018-1000509 was published May 13, 2022 (High, Unreviewed)

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of...
CVE-2018-19396 was published May 13, 2022 (High, Unreviewed)

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated...
CVE-2018-19499 was published May 13, 2022 (High, Unreviewed)

An attacker may convince a victim to open a malicious action micro (.actm) file that has...
CVE-2019-7361 was published May 14, 2022 (High, Unreviewed)
ProTip! Advisories are also available from the GraphQL API.