GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,956
Erlang: 29
GitHub Actions: 16
Go: 1,745
Maven: 4,969
npm: 3,507
NuGet: 609
pip: 3,066
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
93,332 advisories
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei...
High
Unreviewed
CVE-2014-2271 was published May 17, 2022
duplicity 0.6.24 has improper verification of SSL certificates
High
Unreviewed
CVE-2014-3495 was published May 17, 2022
suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to...
High
Unreviewed
CVE-2014-1867 was published May 17, 2022
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all...
High
Unreviewed
CVE-2014-0212 was published May 17, 2022
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers...
High
Unreviewed
CVE-2014-0242 was published May 17, 2022
Openshift has shell command injection flaws due to unsanitized data being passed into shell...
High
Unreviewed
CVE-2014-0163 was published May 17, 2022
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a...
High
Unreviewed
CVE-2014-5255 was published May 17, 2022
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server...
High
Unreviewed
CVE-2014-2904 was published May 17, 2022
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
High
Unreviewed
CVE-2014-2901 was published May 17, 2022
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
High
Unreviewed
CVE-2014-2902 was published May 17, 2022
Gamera before 3.4.1 insecurely creates temporary files.
High
Unreviewed
CVE-2014-1937 was published May 17, 2022
sniffit 0.3.7 and prior: A configuration file can be leveraged to execute code as root
High
Unreviewed
CVE-2014-5439 was published May 17, 2022
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
High
Unreviewed
CVE-2014-0021 was published May 17, 2022
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary...
High
Unreviewed
CVE-2014-0023 was published May 17, 2022
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for...
High
Unreviewed
CVE-2014-1214 was published May 17, 2022
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a...
High
Unreviewed
CVE-2014-2304 was published May 17, 2022
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file...
High
Unreviewed
CVE-2014-10396 was published May 17, 2022
The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file...
High
Unreviewed
CVE-2014-10397 was published May 17, 2022
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
High
Unreviewed
CVE-2014-10381 was published May 17, 2022
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content...
High
Unreviewed
CVE-2014-10375 was published May 17, 2022
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled....
High
Unreviewed
CVE-2014-9699 was published May 17, 2022
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network...
High
Unreviewed
CVE-2014-1426 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona...
High
Unreviewed
CVE-2013-4227 was published May 5, 2022
TRENDnet TS-S402 has a backdoor to enable TELNET.
High
Unreviewed
CVE-2013-6360 was published May 5, 2022
ProTip! Advisories are also available from the GraphQL API