GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,413
Erlang: 29
GitHub Actions: 16
Go: 1,653
Maven: 4,915
npm: 3,442
NuGet: 594
pip: 2,832
Pub: 10
RubyGems: 823
Rust: 763
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
24 advisories
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak...
High, Unreviewed. CVE-2021-3800 was published Aug 24, 2022.
A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing...
High, Unreviewed. CVE-2021-27038 was published May 24, 2022.
A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read...
High, Unreviewed. CVE-2021-27039 was published May 24, 2022.
A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be used...
High, Unreviewed. CVE-2021-27037 was published May 24, 2022.
A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can...
High, Unreviewed. CVE-2021-27035 was published May 24, 2022.
A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer...
High, Unreviewed. CVE-2021-27036 was published May 24, 2022.
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
Low, Unreviewed. CVE-2017-18425 was published May 24, 2022.
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using...
Moderate, Unreviewed. CVE-2017-18430 was published May 24, 2022.
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0...
Moderate, Unreviewed. CVE-2017-11441 was published May 17, 2022.
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service...
High, Unreviewed. CVE-2016-8666 was published May 14, 2022.
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the...
Moderate, Unreviewed. CVE-2017-16250 was published May 14, 2022.
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could...
High, Unreviewed. CVE-2017-16251 was published May 14, 2022.
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows...
High, Unreviewed. CVE-2017-0004 was published May 14, 2022.
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
High. CVE-2017-7561 was published for org.jboss.resteas:resteasy-jaxrs (Maven), May 13, 2022.
Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker...
Moderate, Unreviewed. CVE-2017-5703 was published May 13, 2022.
It was found in EAP 7 before 7.0.9 that properties based files of the management and the...
Moderate, Unreviewed. CVE-2017-12167 was published May 13, 2022.
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application...
High, Unreviewed. CVE-2017-12189 was published May 13, 2022.
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name...
Moderate, Unreviewed. CVE-2017-5246 was published May 13, 2022.
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write...
Moderate, Unreviewed. CVE-2017-15906 was published May 13, 2022.
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if...
High, Unreviewed. CVE-2017-15710 was published May 13, 2022.
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a...
High, Unreviewed. CVE-2017-15715 was published May 13, 2022.
A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and...
High, Unreviewed. CVE-2021-40167 was published Jan 26, 2022.
Remote code execution occurs in Apache Solr
Critical. CVE-2017-12629 was published for org.apache.solr:solr-core (Maven), Oct 17, 2018.
ProTip! Advisories are also available from the GraphQL API.