GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
21,736 advisories
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow...
Critical | Unreviewed | CVE-2017-14378 was published May 13, 2022

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache)...
Critical | Unreviewed | CVE-2017-15366 was published May 13, 2022

An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for...
Critical | Unreviewed | CVE-2017-15379 was published May 13, 2022

Bamboo did not check that the name of a branch in a Mercurial repository contained argument...
Critical | Unreviewed | CVE-2017-14590 was published May 13, 2022

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because...
Critical | Unreviewed | CVE-2017-14138 was published May 13, 2022

The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer...
Critical | Unreviewed | CVE-2017-15524 was published May 13, 2022

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read...
Critical | Unreviewed | CVE-2017-14349 was published May 13, 2022

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO...
Critical | Unreviewed | CVE-2017-14803 was published May 13, 2022

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the...
Critical | Unreviewed | CVE-2017-14907 was published May 13, 2022

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key...
Critical | Unreviewed | CVE-2017-16920 was published May 13, 2022

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and...
Critical | Unreviewed | CVE-2017-16861 was published May 13, 2022

In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A,...
Critical | Unreviewed | CVE-2017-14910 was published May 13, 2022

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a...
Critical | Unreviewed | CVE-2017-1710 was published May 13, 2022

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Critical | Unreviewed | CVE-2017-15032 was published May 13, 2022

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently...
Critical | Unreviewed | CVE-2017-14942 was published May 13, 2022

Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell...
Critical | Unreviewed | CVE-2017-16926 was published May 13, 2022

Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because...
Critical | Unreviewed | CVE-2017-15226 was published May 13, 2022

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20,...
Critical | Unreviewed | CVE-2017-17301 was published May 13, 2022

validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to...
Critical | Unreviewed | CVE-2017-17794 was published May 13, 2022

BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in...
Critical | Unreviewed | CVE-2020-35674 was published Sep 30, 2022

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username,...
Critical | Unreviewed | CVE-2017-16562 was published May 13, 2022

Xpress Server in SAP POS does not require authentication for read/write/delete file access. This...
Critical | Unreviewed | CVE-2017-15295 was published May 13, 2022

Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration...
Critical | Unreviewed | CVE-2017-17759 was published May 13, 2022

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing...
Critical | Unreviewed | CVE-2017-16780 was published May 13, 2022

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and...
Critical | Unreviewed | CVE-2017-18129 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.