GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
66 advisories
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
High | Unreviewed | CVE-2017-5123 was published May 24, 2022

A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing...
High | Unreviewed | CVE-2021-27038 was published May 24, 2022

A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read...
High | Unreviewed | CVE-2021-27039 was published May 24, 2022

A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be used...
High | Unreviewed | CVE-2021-27037 was published May 24, 2022

A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017,...
High | Unreviewed | CVE-2021-27034 was published May 24, 2022

A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can...
High | Unreviewed | CVE-2021-27035 was published May 24, 2022

A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer...
High | Unreviewed | CVE-2021-27036 was published May 24, 2022

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x...
High | Unreviewed | CVE-2020-13776 was published May 24, 2022

cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).
Moderate | Unreviewed | CVE-2017-18452 was published May 24, 2022

cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
Moderate | Unreviewed | CVE-2017-18454 was published May 24, 2022

cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).
Moderate | Unreviewed | CVE-2017-18453 was published May 24, 2022

cPanel before 64.0.21 allows certain file-chmod operations via /scripts...
Moderate | Unreviewed | CVE-2017-18450 was published May 24, 2022

cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC...
Moderate | Unreviewed | CVE-2017-18447 was published May 24, 2022

cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC...
Moderate | Unreviewed | CVE-2017-18448 was published May 24, 2022

cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the...
Moderate | Unreviewed | CVE-2017-18446 was published May 24, 2022

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account...
Moderate | Unreviewed | CVE-2017-18449 was published May 24, 2022

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval...
Moderate | Unreviewed | CVE-2017-18451 was published May 24, 2022

cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).
Moderate | Unreviewed | CVE-2017-18441 was published May 24, 2022

cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).
Moderate | Unreviewed | CVE-2017-18440 was published May 24, 2022

cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).
Moderate | Unreviewed | CVE-2017-18442 was published May 24, 2022

cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
Moderate | Unreviewed | CVE-2017-18445 was published May 24, 2022

cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
Moderate | Unreviewed | CVE-2017-18437 was published May 24, 2022

cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).
Moderate | Unreviewed | CVE-2017-18444 was published May 24, 2022

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
Moderate | Unreviewed | CVE-2017-18438 was published May 24, 2022

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
High | Unreviewed | CVE-2017-18435 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.