GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,333
Erlang: 31
GitHub Actions: 21
Go: 2,094
Maven: 5,000+
npm: 3,759
NuGet: 678
pip: 3,445
Pub: 12
RubyGems: 892
Rust: 882
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
11,339 advisories
Command Injection in moment-timezone
Low | GHSA-56x4-j7p9-fcf9 was published for moment-timezone (npm) | Aug 30, 2022
ansi_term is Unmaintained
Low | GHSA-74w3-p89x-ffgh was published for ansi_term (Rust) | Sep 16, 2022 | withdrawn
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory...
Low | Unreviewed | CVE-2023-20528 was published | Jan 11, 2023
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by...
Low | Unreviewed | CVE-2020-12872 was published | May 24, 2022
Shopware has Insufficient Session Expiration in Administration
Low | CVE-2023-22732 was published for shopware/core (Composer) | Jan 20, 2023
Cross-site Scripting in bootstrap-table
Low | CVE-2021-23472 was published for bootstrap-table (npm) | Nov 8, 2021
rest-client allows local users to obtain sensitive information by reading the log
Low | CVE-2015-3448 was published for rest-client (RubyGems) | Oct 24, 2017
Shopware's log module vulnerable to Improper Output Neutralization
Low | CVE-2023-22733 was published for shopware/core (Composer) | Jan 20, 2023
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible way to...
Low | Unreviewed | CVE-2021-0983 was published | Dec 16, 2021
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the...
Low | Unreviewed | CVE-2022-24929 was published | Mar 11, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse...
Low | Unreviewed | CVE-2022-22348 was published | Mar 15, 2022
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key...
Low | Unreviewed | CVE-2021-36368 was published | Mar 14, 2022
Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read...
Low | Unreviewed | CVE-2021-40769 was published | Mar 17, 2022
Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read...
Low | Unreviewed | CVE-2021-40766 was published | Mar 17, 2022
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4...
Low | Unreviewed | CVE-2011-1066 was published | May 17, 2022
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2...
Low | Unreviewed | CVE-2011-0904 was published | May 17, 2022
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a...
Low | Unreviewed | CVE-2011-0652 was published | May 17, 2022
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java...
Low | Unreviewed | CVE-2011-0311 was published | May 17, 2022
HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly...
Low | Unreviewed | CVE-2011-0279 was published | May 17, 2022
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable...
Low | Unreviewed | CVE-2011-0412 was published | May 17, 2022
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and...
Low | Unreviewed | CVE-2010-4460 was published | May 17, 2022
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the...
Low | Unreviewed | CVE-2011-0169 was published | May 17, 2022
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended...
Low | Unreviewed | CVE-2010-4624 was published | May 17, 2022
Upload whitelisted files to any directory in OctoberCMS
Low | CVE-2020-5297 was published for october/cms (Composer) | Jun 3, 2020
A user without PR can reset user authentication failures information
Low | CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) | Jul 2, 2021
ProTip! Advisories are also available from the GraphQL API.