GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
10,532 advisories
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary...
Low. Unreviewed. CVE-2003-0193 was published Apr 29, 2022

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link...
Low. Unreviewed. CVE-2003-0136 was published Apr 29, 2022

adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite...
Low. Unreviewed. CVE-2003-0120 was published Apr 29, 2022

The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows...
Low. Unreviewed. CVE-2003-0079 was published Apr 29, 2022

The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier...
Low. Unreviewed. CVE-2003-0071 was published Apr 29, 2022

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which...
Low. Unreviewed. CVE-2003-0018 was published Apr 29, 2022

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x...
Low. Unreviewed. CVE-2003-0012 was published Apr 29, 2022

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
Low. Unreviewed. CVE-2022-29816 was published Apr 29, 2022

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode...
Low. Unreviewed. CVE-2022-29812 was published Apr 29, 2022

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was...
Low. Unreviewed. CVE-2022-29820 was published Apr 29, 2022

Keycloak is vulnerable to IDN homograph attack
Low. GHSA-mwm4-5qwr-g9pf was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022

OIDC Logout redirect in keycloak
Low. CVE-2020-10734 was published for org.keycloak:keycloak-oidc-client-adapter-pom (Maven) Apr 28, 2022

An insecure data storage vulnerability allows a physical attacker with root privileges to...
Low. Unreviewed. CVE-2021-25266 was published Apr 28, 2022

Exposure of SSH credentials in Rancher/Fleet
Low. GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by...
Low. Unreviewed. CVE-2012-3341 was published Apr 23, 2022

systemd 37-1 does not properly handle non-existent services, which causes a denial of service ...
Low. Unreviewed. CVE-2012-1101 was published Apr 23, 2022

Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
Low. Unreviewed. CVE-2012-0844 was published Apr 23, 2022

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers...
Low. Unreviewed. CVE-2012-1932 was published Apr 23, 2022

XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess...
Low. Unreviewed. CVE-2012-1903 was published Apr 23, 2022

Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8...
Low. Unreviewed. CVE-2012-1500 was published Apr 23, 2022

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information
Low. Unreviewed. CVE-2012-1994 was published Apr 23, 2022

The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS...
Low. Unreviewed. CVE-2012-6449 was published Apr 23, 2022

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential...
Low. Unreviewed. CVE-2012-6340 was published Apr 23, 2022

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
Low. Unreviewed. CVE-2012-5776 was published Apr 23, 2022

The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via...
Low. Unreviewed. CVE-2012-6114 was published Apr 23, 2022

ProTip! Advisories are also available from the GraphQL API