Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

9,590 advisories

Loading
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1... Low Unreviewed
CVE-2012-5558 was published Apr 23, 2022
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers... Low Unreviewed
CVE-2012-1932 was published Apr 23, 2022
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php. Low Unreviewed
CVE-2012-5776 was published Apr 23, 2022
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication... Low Unreviewed
CVE-2006-7246 was published Apr 21, 2022
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite Low Unreviewed
CVE-2012-5562 was published Apr 23, 2022
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and... Low Unreviewed
CVE-2010-3440 was published Apr 21, 2022
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version... Low Unreviewed
CVE-2010-2472 was published Apr 21, 2022
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink... Low Unreviewed
CVE-2010-3095 was published Apr 21, 2022
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them... Low Unreviewed
CVE-2010-3292 was published Apr 21, 2022
Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses component in Oracle... Low Unreviewed
CVE-2015-4825 was published May 17, 2022
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain... Low Unreviewed
CVE-2015-3778 was published May 17, 2022
An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the... Low Unreviewed
CVE-2012-4767 was published Apr 23, 2022
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via... Low Unreviewed
CVE-2012-6114 was published Apr 23, 2022
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8... Low Unreviewed
CVE-2012-1500 was published Apr 23, 2022
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. Low Unreviewed
CVE-2012-0844 was published Apr 23, 2022
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by... Low Unreviewed
CVE-2012-3341 was published Apr 23, 2022
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:... Low Unreviewed
CVE-2018-3139 was published May 13, 2022
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain... Low Unreviewed
CVE-2011-2343 was published Apr 22, 2022
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information Low Unreviewed
CVE-2012-1994 was published Apr 23, 2022
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess... Low Unreviewed
CVE-2012-1903 was published Apr 23, 2022
surf: cookie jar has read access from other local user Low Unreviewed
CVE-2012-0842 was published Apr 23, 2022
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:... Low Unreviewed
CVE-2018-3136 was published May 13, 2022
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores... Low Unreviewed
CVE-2012-2148 was published Apr 23, 2022
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in... Low Unreviewed
CVE-2012-6655 was published Apr 23, 2022
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15... Low Unreviewed
CVE-2022-36866 was published Sep 10, 2022
ProTip! Advisories are also available from the GraphQL API