GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10,640 advisories
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via...
High
Unreviewed
CVE-2014-9762 was published May 17, 2022
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer...
Moderate
Unreviewed
CVE-2014-2899 was published May 17, 2022
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4,...
High
Unreviewed
CVE-2015-7036 was published May 17, 2022
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to...
Moderate
Unreviewed
CVE-2016-4868 was published May 17, 2022
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of...
High
Unreviewed
CVE-2016-4547 was published May 17, 2022
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN...
High
Unreviewed
CVE-2015-1611 was published May 17, 2022
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type,...
Critical
Unreviewed
CVE-2016-6878 was published May 17, 2022
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9...
High
Unreviewed
CVE-2014-2113 was published May 17, 2022
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users...
High
Unreviewed
CVE-2016-7998 was published May 17, 2022
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is...
Critical
Unreviewed
CVE-2016-4899 was published May 17, 2022
A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to...
Moderate
Unreviewed
CVE-2017-0184 was published May 17, 2022
A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows...
Moderate
Unreviewed
CVE-2017-0179 was published May 17, 2022
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename...
Critical
Unreviewed
CVE-2017-5215 was published May 17, 2022
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to...
High
Unreviewed
CVE-2016-2194 was published May 17, 2022
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE,...
Moderate
Unreviewed
CVE-2014-2146 was published May 17, 2022
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue...
Moderate
Unreviewed
CVE-2016-7580 was published May 17, 2022
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be...
Critical
Unreviewed
CVE-2017-2989 was published May 17, 2022
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is...
Critical
Unreviewed
CVE-2016-4898 was published May 17, 2022
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC...
High
Unreviewed
CVE-2016-2850 was published May 17, 2022
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability ...
High
Unreviewed
CVE-2016-10079 was published May 17, 2022
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers...
Moderate
Unreviewed
CVE-2016-7785 was published May 17, 2022
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel...
High
Unreviewed
CVE-2016-4038 was published May 17, 2022
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x...
Critical
Unreviewed
CVE-2017-2773 was published May 17, 2022
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's...
High
Unreviewed
CVE-2016-9977 was published May 17, 2022
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
High
Unreviewed
CVE-2022-27929 was published Jul 18, 2022