GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories (all reviewed: 5,000+)
Composer: 3,988
Erlang: 29
GitHub Actions: 16
Go: 1,779
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,128
Pub: 10
RubyGems: 838
Rust: 792
Swift: 34
Unreviewed advisories (all unreviewed: 5,000+)
110,218 advisories
CVE-2015-7195 (Moderate, Unreviewed; published May 17, 2022): The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped...
CVE-2015-7873 (Moderate, Unreviewed; published May 17, 2022): The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1...
CVE-2015-1000 (Moderate, Unreviewed; published May 17, 2022): Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka...
CVE-2015-2822 (Moderate, Unreviewed; published May 17, 2022): Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC...
CVE-2015-4157 (Moderate, Unreviewed; published May 17, 2022): SAP Content Server allows remote attackers to cause a denial of service (service termination) via...
CVE-2015-3720 (Moderate, Unreviewed; published May 17, 2022): The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs,...
CVE-2014-9900 (Moderate, Unreviewed; published May 17, 2022): The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in...
CVE-2015-2332 (Moderate, Unreviewed; published May 17, 2022): Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4...
CVE-2015-2292 (Moderate, Unreviewed; published May 17, 2022): Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress...
CVE-2015-2167 (Moderate, Unreviewed; published May 17, 2022): Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform...
CVE-2015-2166 (Moderate, Unreviewed; published May 17, 2022): Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service...
CVE-2015-2335 (Moderate, Unreviewed; published May 17, 2022): A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the...
CVE-2014-9759 (Moderate, Unreviewed; published May 17, 2022): Incomplete blacklist vulnerability in the config_is_private function in config_api.php in...
CVE-2015-1153 (Moderate, Unreviewed; published May 17, 2022): WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows...
CVE-2015-7185 (Moderate, Unreviewed; published May 17, 2022): Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon...
CVE-2015-7090 (Moderate, Unreviewed; published May 17, 2022): Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial...
CVE-2015-7089 (Moderate, Unreviewed; published May 17, 2022): Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial...
CVE-2014-9732 (Moderate, Unreviewed; published May 17, 2022): The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain...
CVE-2015-7091 (Moderate, Unreviewed; published May 17, 2022): Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial...
CVE-2015-7189 (Moderate, Unreviewed; published May 17, 2022): Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x...
CVE-2015-7087 (Moderate, Unreviewed; published May 17, 2022): Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial...
CVE-2015-6790 (Moderate, Unreviewed; published May 17, 2022): The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl...
CVE-2014-8480 (Moderate, Unreviewed; published May 17, 2022): The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before...
CVE-2013-7017 (Moderate, Unreviewed; published May 17, 2022): libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service ...
CVE-2013-7021 (Moderate, Unreviewed; published May 17, 2022): The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure...
ProTip! Advisories are also available from the GraphQL API.