Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,412
Erlang
28
GitHub Actions
16
Go
1,649
Maven
4,914
npm
3,437
NuGet
594
pip
2,682
Pub
10
RubyGems
822
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+

66 advisories

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. High Unreviewed
CVE-2017-5123 was published May 24, 2022
A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing... High Unreviewed
CVE-2021-27038 was published May 24, 2022
A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read... High Unreviewed
CVE-2021-27039 was published May 24, 2022
A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be used... High Unreviewed
CVE-2021-27037 was published May 24, 2022
A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017,... High Unreviewed
CVE-2021-27034 was published May 24, 2022
A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can... High Unreviewed
CVE-2021-27035 was published May 24, 2022
A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer... High Unreviewed
CVE-2021-27036 was published May 24, 2022
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x... High Unreviewed
CVE-2020-13776 was published May 24, 2022
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). Moderate Unreviewed
CVE-2017-18452 was published May 24, 2022
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). Moderate Unreviewed
CVE-2017-18454 was published May 24, 2022
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). Moderate Unreviewed
CVE-2017-18453 was published May 24, 2022
cPanel before 64.0.21 allows certain file-chmod operations via /scripts... Moderate Unreviewed
CVE-2017-18450 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC... Moderate Unreviewed
CVE-2017-18447 was published May 24, 2022
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC... Moderate Unreviewed
CVE-2017-18448 was published May 24, 2022
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the... Moderate Unreviewed
CVE-2017-18446 was published May 24, 2022
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account... Moderate Unreviewed
CVE-2017-18449 was published May 24, 2022
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval... Moderate Unreviewed
CVE-2017-18451 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). Moderate Unreviewed
CVE-2017-18441 was published May 24, 2022
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). Moderate Unreviewed
CVE-2017-18440 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). Moderate Unreviewed
CVE-2017-18442 was published May 24, 2022
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). Moderate Unreviewed
CVE-2017-18445 was published May 24, 2022
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). Moderate Unreviewed
CVE-2017-18437 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). Moderate Unreviewed
CVE-2017-18444 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). Moderate Unreviewed
CVE-2017-18438 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). High Unreviewed
CVE-2017-18435 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API