GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,946
Erlang: 29
GitHub Actions: 16
Go: 1,734
Maven: 4,963
npm: 3,493
NuGet: 607
pip: 3,059
Pub: 10
RubyGems: 832
Rust: 779
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
93,227 advisories
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to...
High | Unreviewed | CVE-2010-1234 was published Apr 23, 2022
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to...
High | Unreviewed | CVE-2001-0001 was published Apr 23, 2022
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input...
High | Unreviewed | CVE-2011-4558 was published Apr 22, 2022
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF)...
High | Unreviewed | CVE-2011-3582 was published Apr 22, 2022
websitebaker prior to and including 2.8.1 has an authentication error in backup module.
High | Unreviewed | CVE-2011-4322 was published Apr 22, 2022
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in...
High | Unreviewed | CVE-2011-2934 was published Apr 22, 2022
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank...
High | Unreviewed | CVE-2011-2187 was published Apr 22, 2022
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
High | Unreviewed | CVE-2011-4310 was published Apr 22, 2022
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain...
High | Unreviewed | CVE-2011-4082 was published Apr 22, 2022
Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way...
High | Unreviewed | CVE-2011-3630 was published Apr 22, 2022
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local...
High | Unreviewed | CVE-2011-3632 was published Apr 22, 2022
Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT...
High | Unreviewed | CVE-2011-3596 was published Apr 22, 2022
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to...
High | Unreviewed | CVE-2011-3355 was published Apr 22, 2022
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system...
High | Unreviewed | CVE-2011-3351 was published Apr 22, 2022
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
High | Unreviewed | CVE-2011-0529 was published Apr 22, 2022
ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local...
High | Unreviewed | CVE-2011-2922 was published Apr 22, 2022
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files...
High | Unreviewed | CVE-2011-3349 was published Apr 22, 2022
tog-Pegasus has a package hash collision DoS vulnerability
High | Unreviewed | CVE-2011-4967 was published Apr 22, 2022
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a...
High | Unreviewed | CVE-2011-2910 was published Apr 22, 2022
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the...
High | Unreviewed | CVE-2011-2726 was published Apr 22, 2022
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow...
High | Unreviewed | CVE-2011-1145 was published Apr 22, 2022
gpw generates shorter passwords than required
High | Unreviewed | CVE-2011-4931 was published Apr 22, 2022
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability...
High | Unreviewed | CVE-2011-2538 was published Apr 22, 2022
The user-access-manager plugin before 1.2 for WordPress has CSRF.
High | Unreviewed | CVE-2011-5328 was published Apr 22, 2022
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.
High | Unreviewed | CVE-2011-1830 was published Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API.