GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,370
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,749
Maven 4,978
npm 3,509
NuGet 609
pip 3,084
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,299

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

21,736 advisories

Filter by severity

Sort by

Least recently updated

EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow... Critical Unreviewed

CVE-2017-14378 was published May 13, 2022

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache)... Critical Unreviewed

CVE-2017-15366 was published May 13, 2022

An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for... Critical Unreviewed

CVE-2017-15379 was published May 13, 2022

Bamboo did not check that the name of a branch in a Mercurial repository contained argument... Critical Unreviewed

CVE-2017-14590 was published May 13, 2022

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because... Critical Unreviewed

CVE-2017-14138 was published May 13, 2022

The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer... Critical Unreviewed

CVE-2017-15524 was published May 13, 2022

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read... Critical Unreviewed

CVE-2017-14349 was published May 13, 2022

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO... Critical Unreviewed

CVE-2017-14803 was published May 13, 2022

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the... Critical Unreviewed

CVE-2017-14907 was published May 13, 2022

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key... Critical Unreviewed

CVE-2017-16920 was published May 13, 2022

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and... Critical Unreviewed

CVE-2017-16861 was published May 13, 2022

In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A,... Critical Unreviewed

CVE-2017-14910 was published May 13, 2022

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a... Critical Unreviewed

CVE-2017-1710 was published May 13, 2022

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Critical Unreviewed

CVE-2017-15032 was published May 13, 2022

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently... Critical Unreviewed

CVE-2017-14942 was published May 13, 2022

Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell... Critical Unreviewed

CVE-2017-16926 was published May 13, 2022

Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because... Critical Unreviewed

CVE-2017-15226 was published May 13, 2022

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20,... Critical Unreviewed

CVE-2017-17301 was published May 13, 2022

validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to... Critical Unreviewed

CVE-2017-17794 was published May 13, 2022

BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in... Critical Unreviewed

CVE-2020-35674 was published Sep 30, 2022

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username,... Critical Unreviewed

CVE-2017-16562 was published May 13, 2022

Xpress Server in SAP POS does not require authentication for read/write/delete file access. This... Critical Unreviewed

CVE-2017-15295 was published May 13, 2022

Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration... Critical Unreviewed

CVE-2017-17759 was published May 13, 2022

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing... Critical Unreviewed

CVE-2017-16780 was published May 13, 2022

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and... Critical Unreviewed

CVE-2017-18129 was published May 13, 2022

Previous 1 2 … 395 396 397 398 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

21,736 advisories