GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
15 advisories
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS...
Moderate | Unreviewed | CVE-2015-3727 was published May 17, 2022
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library...
High | Unreviewed | CVE-2016-4331 was published May 17, 2022
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from...
High | Unreviewed | CVE-2016-4330 was published May 17, 2022
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact...
High | Unreviewed | CVE-2016-4333 was published May 17, 2022
The library's failure to check if certain message types support a particular flag, the HDF5 1.8...
High | Unreviewed | CVE-2016-4332 was published May 17, 2022
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote...
Moderate | Unreviewed | CVE-2016-3727 was published May 14, 2022
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain...
Moderate | Unreviewed | CVE-2015-6644 was published May 14, 2022
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate | CVE-2016-1000345 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate | CVE-2015-7940 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the other party DH public key is not fully validated
Low | CVE-2016-1000346 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
High | CVE-2016-1000343 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High | CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate | CVE-2016-1000341 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate | CVE-2016-1000339 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High | CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API