GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
759 advisories
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER...
High
Unreviewed
CVE-2017-17511 was published May 14, 2022
** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses...
High
Unreviewed
CVE-2017-14523 was published May 14, 2022
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to...
Critical
Unreviewed
CVE-2017-1000493 was published May 14, 2022
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...
Critical
Unreviewed
CVE-2018-4995 was published May 13, 2022
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as...
High
Unreviewed
CVE-2018-20167 was published May 13, 2022
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com...
Moderate
Unreviewed
CVE-2017-8458 was published May 13, 2022
ntopng before 3.0 allows HTTP Response Splitting.
High
Unreviewed
CVE-2017-7459 was published May 13, 2022
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate...
Critical
Unreviewed
CVE-2017-7239 was published May 13, 2022
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to...
High
Unreviewed
CVE-2017-6971 was published May 13, 2022
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an...
High
Unreviewed
CVE-2017-6748 was published May 13, 2022
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ...
High
Unreviewed
CVE-2017-3547 was published May 13, 2022
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7...
High
Unreviewed
CVE-2015-1592 was published May 13, 2022
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could...
Critical
Unreviewed
CVE-2017-14094 was published May 13, 2022
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort...
High
Unreviewed
CVE-2017-16719 was published May 13, 2022
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM)...
Moderate
Unreviewed
CVE-2017-16766 was published May 13, 2022
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject...
Moderate
Unreviewed
CVE-2017-1115 was published May 13, 2022
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A...
Moderate
Unreviewed
CVE-2017-1202 was published May 13, 2022
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee...
Moderate
Unreviewed
CVE-2017-4028 was published May 13, 2022
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An ...
High
Unreviewed
CVE-2017-6031 was published May 13, 2022
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk...
High
Unreviewed
CVE-2017-6015 was published May 13, 2022
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper...
High
Unreviewed
CVE-2018-18992 was published May 13, 2022
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that...
Moderate
Unreviewed
CVE-2018-1896 was published May 13, 2022
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper...
Moderate
Unreviewed
CVE-2018-1943 was published May 13, 2022
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks,...
High
Unreviewed
CVE-2018-9062 was published May 13, 2022
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary ...
High
Unreviewed
CVE-2015-4075 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.