GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
983 advisories
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows...
Low | Unreviewed | CVE-2015-8100 was published May 17, 2022
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3...
Low | Unreviewed | CVE-2015-7885 was published May 17, 2022
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE...
Low | Unreviewed | CVE-2015-6847 was published May 17, 2022
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client...
Low | Unreviewed | CVE-2015-7080 was published May 17, 2022
CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which...
Low | Unreviewed | CVE-2015-5898 was published May 17, 2022
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and...
Low | Unreviewed | CVE-2015-1127 was published May 17, 2022
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7...
Low | Unreviewed | CVE-2015-1890 was published May 17, 2022
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data...
Low | Unreviewed | CVE-2015-5842 was published May 17, 2022
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials...
Low | Unreviewed | CVE-2015-5832 was published May 17, 2022
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information...
Low | Unreviewed | CVE-2016-5849 was published May 17, 2022
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive...
Low | Unreviewed | CVE-2015-5878 was published May 17, 2022
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory...
Low | Unreviewed | CVE-2015-5864 was published May 17, 2022
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain...
Low | Unreviewed | CVE-2015-5870 was published May 17, 2022
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash...
Low | Unreviewed | CVE-2015-5901 was published May 17, 2022
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for...
Low | Unreviewed | CVE-2015-0777 was published May 17, 2022
The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3...
Low | Unreviewed | CVE-2015-6375 was published May 17, 2022
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen...
Low | Unreviewed | CVE-2016-1852 was published May 17, 2022
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate...
Low | Unreviewed | CVE-2016-3002 was published May 17, 2022
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts...
Low | Unreviewed | CVE-2015-6641 was published May 17, 2022
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use...
Low | Unreviewed | CVE-2016-5812 was published May 17, 2022
Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover...
Low | Unreviewed | CVE-2015-3949 was published May 17, 2022
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by...
Low | Unreviewed | CVE-2016-2949 was published May 17, 2022
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before...
Low | Unreviewed | CVE-2016-1849 was published May 17, 2022
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp...
Low | Unreviewed | CVE-2016-0259 was published May 17, 2022
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive...
Low | Unreviewed | CVE-2014-4702 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.