GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,988
Erlang: 29
GitHub Actions: 16
Go: 1,779
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,128
Pub: 10
RubyGems: 838
Rust: 792
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
110,218 advisories
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote...
Moderate | Unreviewed | CVE-2013-4264 was published May 17, 2022
libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block...
Moderate | Unreviewed | CVE-2013-7018 was published May 17, 2022
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is...
Moderate | Unreviewed | CVE-2013-7424 was published May 17, 2022
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or...
Moderate | Unreviewed | CVE-2014-7142 was published May 17, 2022
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of...
Moderate | Unreviewed | CVE-2014-0919 was published May 17, 2022
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle...
Moderate | Unreviewed | CVE-2014-0092 was published May 17, 2022
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:...
Moderate | Unreviewed | CVE-2019-2816 was published May 24, 2022
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI)....
Moderate | Unreviewed | CVE-2019-2684 was published May 24, 2022
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported...
Moderate | Unreviewed | CVE-2019-2745 was published May 24, 2022
Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20...
Moderate | Unreviewed | CVE-2012-2845 was published May 17, 2022
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to...
Moderate | Unreviewed | CVE-2016-8501 was published May 17, 2022
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft...
Moderate | Unreviewed | CVE-2013-5794 was published May 17, 2022
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11...
Moderate | Unreviewed | CVE-2012-3137 was published May 17, 2022
Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1...
Moderate | Unreviewed | CVE-2010-2410 was published May 17, 2022
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0...
Moderate | Unreviewed | CVE-2011-0835 was published May 17, 2022
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft...
Moderate | Unreviewed | CVE-2011-2280 was published May 17, 2022
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to...
Moderate | Unreviewed | CVE-2013-1981 was published May 17, 2022
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect...
Moderate | Unreviewed | CVE-2011-0813 was published May 17, 2022
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace...
Moderate | Unreviewed | CVE-2020-35478 was published May 24, 2022
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry...
Moderate | Unreviewed | CVE-2020-35479 was published May 24, 2022
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754, does not sufficiently encode URL...
Moderate | Unreviewed | CVE-2020-26835 was published May 24, 2022
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of...
Moderate | Unreviewed | CVE-2020-13528 was published May 24, 2022
The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra...
Moderate | Unreviewed | CVE-2022-1293 was published Aug 3, 2022
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8...
Moderate | Unreviewed | CVE-2016-2991 was published May 17, 2022
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause...
Moderate | Unreviewed | CVE-2013-1038 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.