Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,873
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,964 advisories

Loading
Apache Karaf vulnerable to potential code injection Critical
CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2022
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of... Moderate Unreviewed
CVE-2014-5084 was published May 17, 2022
LPAR2RRD ? 4.53 and ? 3.5 has arbitrary command injection on the application server. High Unreviewed
CVE-2014-4982 was published May 17, 2022
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP.... Critical Unreviewed
CVE-2015-10027 was published Jan 7, 2023
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is... High Unreviewed
CVE-2022-3967 was published Nov 13, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53... Critical Unreviewed
CVE-2021-44530 was published Jan 15, 2022
Remote code execution in Apache Flume Critical
CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the... Moderate Unreviewed
CVE-2015-0931 was published May 17, 2022
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to... High Unreviewed
CVE-2015-1169 was published May 17, 2022
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1... Moderate Unreviewed
CVE-2015-0169 was published May 17, 2022
Command injection in librenms High
CVE-2022-29712 was published for librenms/librenms (Composer) Jun 3, 2022
Command injection in docker-tester High
CVE-2021-34079 was published for docker-tester (npm) Jun 3, 2022
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM... Moderate Unreviewed
CVE-2015-7466 was published May 17, 2022
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0... Low Unreviewed
CVE-2015-0116 was published May 17, 2022
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain... High Unreviewed
CVE-2016-5685 was published May 17, 2022
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf... Moderate Unreviewed
CVE-2015-2704 was published May 17, 2022
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an... Moderate Unreviewed
CVE-2022-36302 was published Aug 2, 2022
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to... Moderate Unreviewed
CVE-2021-27611 was published May 24, 2022
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie... Moderate Unreviewed
CVE-2015-5841 was published May 17, 2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML... High Unreviewed
CVE-2022-34966 was published Jul 26, 2022
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in... Moderate Unreviewed
CVE-2013-6501 was published May 17, 2022
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows... High Unreviewed
CVE-2016-2204 was published May 17, 2022
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a... High Unreviewed
CVE-2015-3200 was published May 17, 2022
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL... High Unreviewed
CVE-2017-5585 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database