GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
21,736 advisories
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon...
Critical
Unreviewed
CVE-2017-18130 was published May 13, 2022
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which...
Critical
Unreviewed
CVE-2017-16935 was published May 13, 2022
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any...
Critical
Unreviewed
CVE-2017-15597 was published May 13, 2022
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view...
Critical
Unreviewed
CVE-2017-15877 was published May 13, 2022
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended...
Critical
Unreviewed
CVE-2017-16885 was published May 13, 2022
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10...
Critical
Unreviewed
CVE-2017-16924 was published May 13, 2022
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before...
Critical
Unreviewed
CVE-2017-18044 was published May 13, 2022
The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on...
Critical
Unreviewed
CVE-2022-2314 was published Aug 16, 2022
BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in...
Critical
Unreviewed
CVE-2020-27602 was published Sep 30, 2022
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx...
Critical
Unreviewed
CVE-2017-16743 was published May 13, 2022
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for...
Critical
Unreviewed
CVE-2017-15994 was published May 13, 2022
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0...
Critical
Unreviewed
CVE-2017-2320 was published May 13, 2022
Certain HP Print Products are potentially vulnerable to Remote Code Execution.
Critical
Unreviewed
CVE-2022-28721 was published Sep 27, 2022
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global...
Critical
Unreviewed
CVE-2017-17736 was published May 13, 2022
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6...
Critical
Unreviewed
CVE-2017-17067 was published May 13, 2022
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary ...
Critical
Unreviewed
CVE-2017-17761 was published May 13, 2022
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for...
Critical
Unreviewed
CVE-2017-15999 was published May 13, 2022
An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP...
Critical
Unreviewed
CVE-2017-17101 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10...
Critical
Unreviewed
CVE-2017-2518 was published May 13, 2022
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search...
Critical
Unreviewed
CVE-2017-17733 was published May 13, 2022
In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD...
Critical
Unreviewed
CVE-2017-17773 was published May 13, 2022
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234...
Critical
Unreviewed
CVE-2017-16523 was published May 13, 2022
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not...
Critical
Unreviewed
CVE-2017-1601 was published May 13, 2022
JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows...
Critical
Unreviewed
CVE-2017-18045 was published May 13, 2022
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the...
Critical
Unreviewed
CVE-2017-18212 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.