GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,436
Erlang: 29
GitHub Actions: 16
Go: 1,661
Maven: 4,922
npm: 3,450
NuGet: 594
pip: 2,840
Pub: 10
RubyGems: 823
Rust: 764
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
1,156 advisories
[This CNA information record relates to multiple CVEs; the text explains which aspects...
Moderate. Unreviewed. CVE-2023-34328 was published Jan 5, 2024.

[This CNA information record relates to multiple CVEs; the text explains which aspects...
Moderate. Unreviewed. CVE-2023-34327 was published Jan 5, 2024.

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to...
High. Unreviewed. CVE-2015-5334 was published May 24, 2022.

The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and...
Moderate. Unreviewed. CVE-2015-9356 was published May 24, 2022.

modules/luksbootkeyfile/main.py in Calamares through 3.2.4 has a race condition between the time...
High. Unreviewed. CVE-2019-13178 was published May 24, 2022.

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote...
High. Unreviewed. CVE-2014-3513 was published May 17, 2022.

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1...
Moderate. Unreviewed. CVE-2014-3509 was published May 17, 2022.

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in...
Moderate. Unreviewed. CVE-2014-3511 was published May 17, 2022.

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0...
Moderate. Unreviewed. CVE-2014-3508 was published May 17, 2022.

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0...
High. Unreviewed. CVE-2014-3567 was published May 17, 2022.

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce...
Moderate. Unreviewed. CVE-2014-3568 was published May 17, 2022.

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong...
Low. Unreviewed. CVE-2014-3956 was published May 17, 2022.

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic...
Moderate. Unreviewed. CVE-2014-3566 was published May 17, 2022.

system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions,...
Moderate. Unreviewed. CVE-2014-9702 was published May 17, 2022.

Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows...
Moderate. Unreviewed. CVE-2014-7951 was published May 17, 2022.

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other...
Moderate. Unreviewed. CVE-2014-8128 was published May 17, 2022.

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain...
High. Unreviewed. CVE-2014-9753 was published May 17, 2022.

Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8...
Low. Unreviewed. CVE-2014-3827 was published May 17, 2022.

Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search...
Moderate. Unreviewed. CVE-2014-9470 was published May 17, 2022.

The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager...
Moderate. Unreviewed. CVE-2014-7863 was published May 17, 2022.

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows...
Moderate. Unreviewed. CVE-2014-8141 was published May 17, 2022.

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.
Moderate. Unreviewed. CVE-2014-8126 was published May 17, 2022.

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows...
Moderate. Unreviewed. CVE-2014-8139 was published May 17, 2022.

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows...
Moderate. Unreviewed. CVE-2014-8140 was published May 17, 2022.

The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and...
Moderate. Unreviewed. CVE-2014-9481 was published May 17, 2022.
ProTip! Advisories are also available from the GraphQL API.