GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,971
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,091
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
9,590 advisories

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1...
Low | Unreviewed | CVE-2012-5558 was published Apr 23, 2022

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers...
Low | Unreviewed | CVE-2012-1932 was published Apr 23, 2022

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
Low | Unreviewed | CVE-2012-5776 was published Apr 23, 2022

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication...
Low | Unreviewed | CVE-2006-7246 was published Apr 21, 2022

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
Low | Unreviewed | CVE-2012-5562 was published Apr 23, 2022

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and...
Low | Unreviewed | CVE-2010-3440 was published Apr 21, 2022

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version...
Low | Unreviewed | CVE-2010-2472 was published Apr 21, 2022

mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink...
Low | Unreviewed | CVE-2010-3095 was published Apr 21, 2022

The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them...
Low | Unreviewed | CVE-2010-3292 was published Apr 21, 2022

Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses component in Oracle...
Low | Unreviewed | CVE-2015-4825 was published May 17, 2022

bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain...
Low | Unreviewed | CVE-2015-3778 was published May 17, 2022

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the...
Low | Unreviewed | CVE-2012-4767 was published Apr 23, 2022

The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via...
Low | Unreviewed | CVE-2012-6114 was published Apr 23, 2022

Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8...
Low | Unreviewed | CVE-2012-1500 was published Apr 23, 2022

Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
Low | Unreviewed | CVE-2012-0844 was published Apr 23, 2022

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by...
Low | Unreviewed | CVE-2012-3341 was published Apr 23, 2022

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:...
Low | Unreviewed | CVE-2018-3139 was published May 13, 2022

The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain...
Low | Unreviewed | CVE-2011-2343 was published Apr 22, 2022

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information
Low | Unreviewed | CVE-2012-1994 was published Apr 23, 2022

XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess...
Low | Unreviewed | CVE-2012-1903 was published Apr 23, 2022

surf: cookie jar has read access from other local user
Low | Unreviewed | CVE-2012-0842 was published Apr 23, 2022

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:...
Low | Unreviewed | CVE-2018-3136 was published May 13, 2022

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores...
Low | Unreviewed | CVE-2012-2148 was published Apr 23, 2022

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in...
Low | Unreviewed | CVE-2012-6655 was published Apr 23, 2022

Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15...
Low | Unreviewed | CVE-2022-36866 was published Sep 10, 2022

ProTip! Advisories are also available from the GraphQL API.