Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,436
Erlang
29
GitHub Actions
16
Go
1,661
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,156 advisories

[This CNA information record relates to multiple CVEs; the text explains which aspects... Moderate Unreviewed
CVE-2023-34328 was published Jan 5, 2024
[This CNA information record relates to multiple CVEs; the text explains which aspects... Moderate Unreviewed
CVE-2023-34327 was published Jan 5, 2024
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to... High Unreviewed
CVE-2015-5334 was published May 24, 2022
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and... Moderate Unreviewed
CVE-2015-9356 was published May 24, 2022
modules/luksbootkeyfile/main.py in Calamares through 3.2.4 has a race condition between the time... High Unreviewed
CVE-2019-13178 was published May 24, 2022
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote... High Unreviewed
CVE-2014-3513 was published May 17, 2022
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1... Moderate Unreviewed
CVE-2014-3509 was published May 17, 2022
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in... Moderate Unreviewed
CVE-2014-3511 was published May 17, 2022
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0... Moderate Unreviewed
CVE-2014-3508 was published May 17, 2022
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0... High Unreviewed
CVE-2014-3567 was published May 17, 2022
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce... Moderate Unreviewed
CVE-2014-3568 was published May 17, 2022
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong... Low Unreviewed
CVE-2014-3956 was published May 17, 2022
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic... Moderate Unreviewed
CVE-2014-3566 was published May 17, 2022
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions,... Moderate Unreviewed
CVE-2014-9702 was published May 17, 2022
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows... Moderate Unreviewed
CVE-2014-7951 was published May 17, 2022
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other... Moderate Unreviewed
CVE-2014-8128 was published May 17, 2022
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain... High Unreviewed
CVE-2014-9753 was published May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8... Low Unreviewed
CVE-2014-3827 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search... Moderate Unreviewed
CVE-2014-9470 was published May 17, 2022
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager... Moderate Unreviewed
CVE-2014-7863 was published May 17, 2022
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows... Moderate Unreviewed
CVE-2014-8141 was published May 17, 2022
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. Moderate Unreviewed
CVE-2014-8126 was published May 17, 2022
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows... Moderate Unreviewed
CVE-2014-8139 was published May 17, 2022
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows... Moderate Unreviewed
CVE-2014-8140 was published May 17, 2022
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and... Moderate Unreviewed
CVE-2014-9481 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API