GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
261 advisories
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1...
Moderate
Unreviewed
CVE-2017-2621
was published
May 3, 2022
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
High
Unreviewed
CVE-2022-28462
was published
May 6, 2022
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp...
Moderate
Unreviewed
CVE-2022-29302
was published
May 13, 2022
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log...
Moderate
Unreviewed
CVE-2017-2622
was published
May 13, 2022
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr...
Moderate
Unreviewed
CVE-2015-1350
was published
May 13, 2022
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized...
High
Unreviewed
CVE-2017-16651
was published
May 13, 2022
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an...
Low
Unreviewed
CVE-2018-0106
was published
May 13, 2022
redhat-certification does not properly restrict files that can be downloaded through the /download...
High
Unreviewed
CVE-2018-10869
was published
May 13, 2022
Drupal core access bypass vulnerability
Moderate
CVE-2017-6922
was published
for
drupal/core
(Composer)
May 13, 2022
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an...
Moderate
Unreviewed
CVE-2017-1602
was published
May 13, 2022
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized...
Critical
Unreviewed
CVE-2017-10930
was published
May 13, 2022
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which...
High
Unreviewed
CVE-2017-11746
was published
May 13, 2022
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update...
Moderate
Unreviewed
CVE-2017-11829
was published
May 13, 2022
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated...
Moderate
Unreviewed
CVE-2017-1308
was published
May 13, 2022
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently...
Critical
Unreviewed
CVE-2017-14942
was published
May 13, 2022
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS...
Moderate
Unreviewed
CVE-2017-6774
was published
May 13, 2022
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue...
Moderate
Unreviewed
CVE-2017-7079
was published
May 13, 2022
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers...
High
Unreviewed
CVE-2018-16946
was published
May 13, 2022
Development Tools panels of an extension are required to load URLs for the panels as relative...
High
Unreviewed
CVE-2018-5112
was published
May 13, 2022
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,...
High
Unreviewed
CVE-2018-9587
was published
May 13, 2022
Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup...
High
Unreviewed
CVE-2017-2551
was published
May 17, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the...
Moderate
Unreviewed
CVE-2021-42644
was published
May 18, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29446
was published
May 20, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29447
was published
May 21, 2022