Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

158,245 advisories

Loading
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices... Moderate Unreviewed
CVE-2015-6343 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1)... Moderate Unreviewed
CVE-2015-6330 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows... Moderate Unreviewed
CVE-2015-5670 was published May 17, 2022
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not... Moderate Unreviewed
CVE-2011-2224 was published May 17, 2022
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows... Moderate Unreviewed
CVE-2015-7899 was published May 17, 2022
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which... Moderate Unreviewed
CVE-2015-7859 was published May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509,... Moderate Unreviewed
CVE-2015-3970 was published May 17, 2022
The Echo extension for MediWiki does not properly implement the hideuser functionality, which... Moderate Unreviewed
CVE-2015-8007 was published May 17, 2022
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before... Moderate Unreviewed
CVE-2015-7395 was published May 17, 2022
The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL... Moderate Unreviewed
CVE-2015-5655 was published May 17, 2022
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality,... Moderate Unreviewed
CVE-2014-4284 was published May 17, 2022
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail... Moderate Unreviewed
CVE-2015-8005 was published May 17, 2022
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1... Moderate Unreviewed
CVE-2014-6553 was published May 17, 2022
OWASP AntiSamy Cross-site Scripting vulnerability Moderate
CVE-2017-14735 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary... Moderate Unreviewed
CVE-2013-3646 was published May 17, 2022
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services... Moderate Unreviewed
CVE-2013-2599 was published May 17, 2022
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11... Moderate Unreviewed
CVE-2014-4300 was published May 17, 2022
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business... Moderate Unreviewed
CVE-2014-4281 was published May 17, 2022
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the... Moderate Unreviewed
CVE-2015-3996 was published May 17, 2022
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0... Moderate Unreviewed
CVE-2015-5954 was published May 17, 2022
3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of... Moderate Unreviewed
CVE-2015-6484 was published May 17, 2022
Unspecified vulnerability in the Application Performance Management component in Oracle... Moderate Unreviewed
CVE-2014-6557 was published May 17, 2022
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different... Moderate Unreviewed
CVE-2015-7902 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory... Moderate Unreviewed
CVE-2014-5212 was published May 17, 2022
The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular... Moderate Unreviewed
CVE-2014-0477 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database