GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
370 advisories
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval...
High | Unreviewed | CVE-2018-1000048 was published May 14, 2022

NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library...
High | Unreviewed | CVE-2018-1000046 was published May 14, 2022

NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather...
High | Unreviewed | CVE-2018-1000045 was published May 14, 2022

Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the...
High | Unreviewed | CVE-2017-2295 was published May 14, 2022

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+,...
High | Unreviewed | CVE-2018-7891 was published May 14, 2022

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8...
High | Unreviewed | CVE-2018-10654 was published May 14, 2022

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,...
High | Unreviewed | CVE-2017-1677 was published May 14, 2022

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...
High | Unreviewed | CVE-2018-8349 was published May 14, 2022

A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi...
High | Unreviewed | CVE-2016-4398 was published May 14, 2022

A remote code execution vulnerability was identified in HP Business Service Management (BSM)...
High | Unreviewed | CVE-2016-4405 was published May 14, 2022

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute...
High | Unreviewed | CVE-2018-14878 was published May 14, 2022

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data,...
High | Unreviewed | CVE-2018-7889 was published May 14, 2022

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security...
High | Unreviewed | CVE-2018-10513 was published May 14, 2022

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the...
High | Unreviewed | CVE-2018-15503 was published May 14, 2022

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce...
High | Unreviewed | CVE-2018-15514 was published May 14, 2022

VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied...
High | Unreviewed | CVE-2018-18987 was published May 14, 2022

** DISPUTED ** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its...
High | Unreviewed | CVE-2018-18013 was published May 14, 2022

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...
High | Unreviewed | CVE-2018-0824 was published May 14, 2022

Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code...
High | Unreviewed | CVE-2018-20221 was published May 14, 2022

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0...
High | Unreviewed | CVE-2015-4852 was published May 14, 2022

An attacker may convince a victim to open a malicious action micro (.actm) file that has...
High | Unreviewed | CVE-2019-7361 was published May 14, 2022

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated...
High | Unreviewed | CVE-2018-19499 was published May 13, 2022

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of...
High | Unreviewed | CVE-2018-19396 was published May 13, 2022

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE...
High | Unreviewed | CVE-2018-1000509 was published May 13, 2022

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that...
High | Unreviewed | CVE-2017-7293 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API