GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,089
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,901
Maven 5,098
npm 3,631
NuGet 638
pip 3,245
Pub 10
RubyGems 863
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,429

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

759 advisories

Filter by severity

Sort by

Least recently updated

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER... High Unreviewed

CVE-2017-17511 was published May 14, 2022

** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses... High Unreviewed

CVE-2017-14523 was published May 14, 2022

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to... Critical Unreviewed

CVE-2017-1000493 was published May 14, 2022

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and... Critical Unreviewed

CVE-2018-4995 was published May 13, 2022

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as... High Unreviewed

CVE-2018-20167 was published May 13, 2022

Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com... Moderate Unreviewed

CVE-2017-8458 was published May 13, 2022

ntopng before 3.0 allows HTTP Response Splitting. High Unreviewed

CVE-2017-7459 was published May 13, 2022

Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate... Critical Unreviewed

CVE-2017-7239 was published May 13, 2022

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to... High Unreviewed

CVE-2017-6971 was published May 13, 2022

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an... High Unreviewed

CVE-2017-6748 was published May 13, 2022

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ... High Unreviewed

CVE-2017-3547 was published May 13, 2022

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7... High Unreviewed

CVE-2015-1592 was published May 13, 2022

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... Critical Unreviewed

CVE-2017-14094 was published May 13, 2022

An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort... High Unreviewed

CVE-2017-16719 was published May 13, 2022

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM)... Moderate Unreviewed

CVE-2017-16766 was published May 13, 2022

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject... Moderate Unreviewed

CVE-2017-1115 was published May 13, 2022

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A... Moderate Unreviewed

CVE-2017-1202 was published May 13, 2022

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee... Moderate Unreviewed

CVE-2017-4028 was published May 13, 2022

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An ... High Unreviewed

CVE-2017-6031 was published May 13, 2022

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk... High Unreviewed

CVE-2017-6015 was published May 13, 2022

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper... High Unreviewed

CVE-2018-18992 was published May 13, 2022

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that... Moderate Unreviewed

CVE-2018-1896 was published May 13, 2022

IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper... Moderate Unreviewed

CVE-2018-1943 was published May 13, 2022

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks,... High Unreviewed

CVE-2018-9062 was published May 13, 2022

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary ... High Unreviewed

CVE-2015-4075 was published May 13, 2022

Previous 1 2 … 25 26 27 28 29 30 31 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

759 advisories