GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
348,257 advisories
Filter by severity
Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows...
Moderate
Unreviewed
CVE-2008-5119
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell...
Moderate
Unreviewed
CVE-2008-5093
was published
May 17, 2022
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8...
High
Unreviewed
CVE-2008-5103
was published
May 17, 2022
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local...
Moderate
Unreviewed
CVE-2008-5140
was published
May 17, 2022
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1...
Moderate
Unreviewed
CVE-2008-5117
was published
May 17, 2022
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through...
Moderate
Unreviewed
CVE-2008-5111
was published
May 17, 2022
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack...
Moderate
Unreviewed
CVE-2008-5154
was published
May 17, 2022
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote...
High
Unreviewed
CVE-2008-6578
was published
May 17, 2022
Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote...
Moderate
Unreviewed
CVE-2008-6512
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3...
Moderate
Unreviewed
CVE-2008-6570
was published
May 17, 2022
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote...
Critical
Unreviewed
CVE-2015-5244
was published
May 17, 2022
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink...
Moderate
Unreviewed
CVE-2008-5138
was published
May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote...
Moderate
Unreviewed
CVE-2008-5172
was published
May 17, 2022
The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its...
Moderate
Unreviewed
CVE-2021-24595
was published
May 24, 2022
The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its...
Moderate
Unreviewed
CVE-2021-24586
was published
May 24, 2022
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component:...
Moderate
Unreviewed
CVE-2021-35582
was published
May 24, 2022
The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its...
Moderate
Unreviewed
CVE-2021-24642
was published
May 24, 2022
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability...
Critical
Unreviewed
CVE-2021-20136
was published
May 24, 2022
A restricted shell escape sequence is possible on Cradlepoint IBR900-600 7.2.60 devices that can...
High
Unreviewed
CVE-2021-37471
was published
May 24, 2022
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line,...
Moderate
Unreviewed
CVE-2021-28499
was published
May 24, 2022
The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its...
Moderate
Unreviewed
CVE-2021-24685
was published
May 24, 2022
When Octopus Server is installed using a custom folder location, folder ACLs are not set...
High
Unreviewed
CVE-2021-26556
was published
May 24, 2022
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90...
Moderate
Unreviewed
CVE-2021-20832
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive...
High
Unreviewed
CVE-2021-40112
was published
May 24, 2022
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to...
Moderate
Unreviewed
CVE-2021-27004
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API