Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
29
GitHub Actions
16
Go
1,653
Maven
4,915
npm
3,442
NuGet
594
pip
2,832
Pub
10
RubyGems
823
Rust
763
Swift
34
Unreviewed advisories
All unreviewed
5,000+

24 advisories

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak... High Unreviewed
CVE-2021-3800 was published Aug 24, 2022
A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing... High Unreviewed
CVE-2021-27038 was published May 24, 2022
A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read... High Unreviewed
CVE-2021-27039 was published May 24, 2022
A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be used... High Unreviewed
CVE-2021-27037 was published May 24, 2022
A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can... High Unreviewed
CVE-2021-27035 was published May 24, 2022
A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer... High Unreviewed
CVE-2021-27036 was published May 24, 2022
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). Low Unreviewed
CVE-2017-18425 was published May 24, 2022
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using... Moderate Unreviewed
CVE-2017-18430 was published May 24, 2022
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0... Moderate Unreviewed
CVE-2017-11441 was published May 17, 2022
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service ... High Unreviewed
CVE-2016-8666 was published May 14, 2022
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the... Moderate Unreviewed
CVE-2017-16250 was published May 14, 2022
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could... High Unreviewed
CVE-2017-16251 was published May 14, 2022
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows... High Unreviewed
CVE-2017-0004 was published May 14, 2022
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP High
CVE-2017-7561 was published for org.jboss.resteas:resteasy-jaxrs (Maven) May 13, 2022
Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker... Moderate Unreviewed
CVE-2017-5703 was published May 13, 2022
It was found in EAP 7 before 7.0.9 that properties based files of the management and the... Moderate Unreviewed
CVE-2017-12167 was published May 13, 2022
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application... High Unreviewed
CVE-2017-12189 was published May 13, 2022
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name... Moderate Unreviewed
CVE-2017-5246 was published May 13, 2022
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write... Moderate Unreviewed
CVE-2017-15906 was published May 13, 2022
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if... High Unreviewed
CVE-2017-15710 was published May 13, 2022
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a... High Unreviewed
CVE-2017-15715 was published May 13, 2022
A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and... High Unreviewed
CVE-2021-40167 was published Jan 26, 2022
Integer overflow in base64 Critical
CVE-2017-1000430 was published for base64 (Rust) Aug 25, 2021
Remote code execution occurs in Apache Solr Critical
CVE-2017-12629 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
ProTip! Advisories are also available from the GraphQL API