GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,324
Erlang: 31
GitHub Actions: 21
Go: 2,087
Maven: 5,000+
npm: 3,751
NuGet: 674
pip: 3,437
Pub: 12
RubyGems: 892
Rust: 881
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
674 advisories
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent...
Critical | Unreviewed | CVE-2017-5226 was published May 13, 2022

Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote...
Critical | Unreviewed | CVE-2010-4042 was published May 13, 2022

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and...
Critical | Unreviewed | CVE-2017-3881 was published May 13, 2022

An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server...
Critical | Unreviewed | CVE-2019-0786 was published May 13, 2022

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration,...
Critical | Unreviewed | CVE-2017-16845 was published May 13, 2022

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This...
Critical | Unreviewed | CVE-2012-6696 was published May 13, 2022

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x...
Critical | Unreviewed | CVE-2017-9800 was published May 13, 2022

The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31...
Critical | Unreviewed | CVE-2014-9410 was published May 13, 2022

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled,...
Critical | Unreviewed | CVE-2018-0502 was published May 13, 2022

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated,...
Critical | Unreviewed | CVE-2018-13259 was published May 13, 2022

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2016-6374 was published May 13, 2022

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with...
Critical | Unreviewed | CVE-2018-7679 was published May 13, 2022

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier...
Critical | Unreviewed | CVE-2015-4664 was published May 13, 2022

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to...
Critical | Unreviewed | CVE-2016-2170 was published May 13, 2022

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over...
Critical | Unreviewed | CVE-2018-14620 was published May 13, 2022

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0...
Critical | Unreviewed | CVE-2016-6646 was published May 13, 2022

An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows...
Critical | Unreviewed | CVE-2016-0889 was published May 13, 2022

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system...
Critical | Unreviewed | CVE-2018-1000533 was published May 13, 2022

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary...
Critical | Unreviewed | CVE-2017-9034 was published May 13, 2022

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code...
Critical | Unreviewed | CVE-2017-4997 was published May 13, 2022

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote...
Critical | Unreviewed | CVE-2015-7705 was published May 13, 2022

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x...
Critical | Unreviewed | CVE-2016-2786 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical | Unreviewed | CVE-2018-7237 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical | Unreviewed | CVE-2018-7233 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical | Unreviewed | CVE-2018-7232 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.