GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
280 advisories
Filter by severity
espeak-ruby allows arbitrary command execution
Critical
CVE-2016-10193
was published
for
espeak-ruby
(RubyGems)
Oct 24, 2017
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Critical
CVE-2016-4800
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Improper Access Control in commons-fileupload
Critical
CVE-2016-1000031
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly
Critical
CVE-2019-16377
was published
for
consul
(RubyGems)
Sep 27, 2019
Improper Access Control in jupyterhub-firstuseauthenticator
Critical
CVE-2021-41194
was published
for
jupyterhub-firstuseauthenticator
(pip)
Oct 28, 2021
Incorrect Access Control in Ignition
Critical
CVE-2021-43996
was published
for
facade/ignition
(Composer)
Nov 19, 2021
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
The public API error causes for the attacker to be able to bypass API access control.
Critical
Unreviewed
CVE-2022-23730
was published
Mar 12, 2022
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a...
Critical
Unreviewed
CVE-2022-0541
was published
Apr 26, 2022
Roundup xml-rpc server improper check of property permissions
Critical
CVE-2008-1475
was published
for
roundup
(pip)
May 1, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an...
Critical
Unreviewed
CVE-2022-20777
was published
May 5, 2022
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ...
Critical
Unreviewed
CVE-2016-9877
was published
May 13, 2022
Improper Access Control in SLF4J
Critical
CVE-2018-8088
was published
for
org.slf4j:slf4j-ext
(Maven)
May 13, 2022
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers...
Critical
Unreviewed
CVE-2016-2788
was published
May 13, 2022
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary...
Critical
Unreviewed
CVE-2016-3987
was published
May 13, 2022
Puppet Improper Access Control
Critical
CVE-2016-2785
was published
for
puppet
(RubyGems)
May 13, 2022
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical
Unreviewed
CVE-2016-5556
was published
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical
Unreviewed
CVE-2016-5568
was published
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101...
Critical
Unreviewed
CVE-2016-5582
was published
May 13, 2022
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and...
Critical
Unreviewed
CVE-2016-3427
was published
May 13, 2022
The potential exists for exposure of the product's password used to restrict unauthorized access...
Critical
Unreviewed
CVE-2010-5305
was published
May 13, 2022
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote...
Critical
Unreviewed
CVE-2016-5118
was published
May 13, 2022
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by...
Critical
Unreviewed
CVE-2018-7364
was published
May 13, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary...
Critical
Unreviewed
CVE-2017-9855
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API