GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,653
Erlang: 29
GitHub Actions: 16
Go: 1,706
Maven: 4,938
npm: 3,471
NuGet: 603
pip: 2,985
Pub: 10
RubyGems: 826
Rust: 772
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
237,221 advisories
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots...
High | Unreviewed | CVE-2021-35197 was published May 24, 2022

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept...
Moderate | Unreviewed | CVE-2021-36382 was published May 24, 2022

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts...
High | Unreviewed | CVE-2021-0603 was published May 24, 2022

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to...
High | Unreviewed | CVE-2021-0594 was published May 24, 2022

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest...
High | Unreviewed | CVE-2021-0602 was published May 24, 2022

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to...
Moderate | Unreviewed | CVE-2021-22233 was published May 24, 2022

A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager...
Moderate | Unreviewed | CVE-2021-29152 was published May 24, 2022

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery...
Critical | Unreviewed | CVE-2021-41393 was published May 24, 2022

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing....
Moderate | Unreviewed | CVE-2021-21992 was published May 24, 2022

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive...
High | Unreviewed | CVE-2021-40875 was published May 24, 2022

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously...
High | Unreviewed | CVE-2021-40862 was published May 24, 2022

HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
High | Unreviewed | CVE-2017-7446 was published May 17, 2022

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability....
High | Unreviewed | CVE-2017-7398 was published May 17, 2022

An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server...
Moderate | Unreviewed | CVE-2017-0167 was published May 17, 2022

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3...
High | Unreviewed | CVE-2008-7218 was published May 17, 2022

Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service ...
High | Unreviewed | CVE-2008-7162 was published May 17, 2022

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1...
Moderate | Unreviewed | CVE-2017-0124 was published May 17, 2022

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10...
Moderate | Unreviewed | CVE-2017-2442 was published May 17, 2022

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1...
Moderate | Unreviewed | CVE-2017-0113 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote...
Moderate | Unreviewed | CVE-2008-7204 was published May 17, 2022

Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute...
High | Unreviewed | CVE-2008-7158 was published May 17, 2022

Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1...
Moderate | Unreviewed | CVE-2008-7133 was published May 17, 2022

userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to...
High | Unreviewed | CVE-2008-7081 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote...
Moderate | Unreviewed | CVE-2008-7039 was published May 17, 2022

SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla!...
High | Unreviewed | CVE-2008-7033 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.