Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+

15 advisories

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS... Moderate Unreviewed
CVE-2015-3727 was published May 17, 2022
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library... High Unreviewed
CVE-2016-4331 was published May 17, 2022
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from... High Unreviewed
CVE-2016-4330 was published May 17, 2022
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact... High Unreviewed
CVE-2016-4333 was published May 17, 2022
The library's failure to check if certain message types support a particular flag, the HDF5 1.8... High Unreviewed
CVE-2016-4332 was published May 17, 2022
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote... Moderate Unreviewed
CVE-2016-3727 was published May 14, 2022
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain... Moderate Unreviewed
CVE-2015-6644 was published May 14, 2022
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2016-1000345 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2015-7940 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the other party DH public key is not fully validated Low
CVE-2016-1000346 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values High
CVE-2016-1000343 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2016-1000341 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2016-1000339 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010
ProTip! Advisories are also available from the GraphQL API