Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

370 advisories

Loading
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval... High Unreviewed
CVE-2018-1000048 was published May 14, 2022
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library... High Unreviewed
CVE-2018-1000046 was published May 14, 2022
NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather... High Unreviewed
CVE-2018-1000045 was published May 14, 2022
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the... High Unreviewed
CVE-2017-2295 was published May 14, 2022
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+,... High Unreviewed
CVE-2018-7891 was published May 14, 2022
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8... High Unreviewed
CVE-2018-10654 was published May 14, 2022
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,... High Unreviewed
CVE-2017-1677 was published May 14, 2022
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to... High Unreviewed
CVE-2018-8349 was published May 14, 2022
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi... High Unreviewed
CVE-2016-4398 was published May 14, 2022
A remote code execution vulnerability was identified in HP Business Service Management (BSM)... High Unreviewed
CVE-2016-4405 was published May 14, 2022
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute... High Unreviewed
CVE-2018-14878 was published May 14, 2022
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data,... High Unreviewed
CVE-2018-7889 was published May 14, 2022
A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security... High Unreviewed
CVE-2018-10513 was published May 14, 2022
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the... High Unreviewed
CVE-2018-15503 was published May 14, 2022
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce... High Unreviewed
CVE-2018-15514 was published May 14, 2022
VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied... High Unreviewed
CVE-2018-18987 was published May 14, 2022
** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its... High Unreviewed
CVE-2018-18013 was published May 14, 2022
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to... High Unreviewed
CVE-2018-0824 was published May 14, 2022
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code... High Unreviewed
CVE-2018-20221 was published May 14, 2022
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0... High Unreviewed
CVE-2015-4852 was published May 14, 2022
An attacker may convince a victim to open a malicious action micro (.actm) file that has... High Unreviewed
CVE-2019-7361 was published May 14, 2022
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated... High Unreviewed
CVE-2018-19499 was published May 13, 2022
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of... High Unreviewed
CVE-2018-19396 was published May 13, 2022
Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE... High Unreviewed
CVE-2018-1000509 was published May 13, 2022
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that... High Unreviewed
CVE-2017-7293 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API