Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

310 advisories

Insufficient Verification of Data Authenticity in Apache Tomcat Moderate
CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607 sunSUNQ
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity Moderate
CVE-2015-0259 was published for nova (pip) May 14, 2022
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote... Moderate Unreviewed
CVE-2015-0251 was published May 14, 2022
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it... High Unreviewed
CVE-2016-1493 was published May 14, 2022
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer... High Unreviewed
CVE-2015-4674 was published May 14, 2022
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings... High Unreviewed
CVE-2018-10080 was published May 14, 2022
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle... Moderate Unreviewed
CVE-2017-1773 was published May 14, 2022
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module... High Unreviewed
CVE-2014-8165 was published May 14, 2022
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific... High Unreviewed
CVE-2017-14091 was published May 14, 2022
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker... Moderate Unreviewed
CVE-2017-2701 was published May 17, 2022
Insufficient Data Verification in io.really:jwt-scala Moderate
CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for... Moderate Unreviewed
CVE-2015-9232 was published May 17, 2022
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and... High Unreviewed
CVE-2014-2718 was published May 17, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep... High Unreviewed
CVE-2017-11379 was published May 17, 2022
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to... High Unreviewed
CVE-2016-2309 was published May 17, 2022
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and... High Unreviewed
CVE-2014-4936 was published May 17, 2022
Drupal Incorrect cache context on password reset page High
CVE-2016-9450 was published for drupal/core (Composer) May 17, 2022
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates... High Unreviewed
CVE-2016-2346 was published May 17, 2022
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass... High Unreviewed
CVE-2016-3983 was published May 17, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity... Moderate Unreviewed
CVE-2015-8254 was published May 17, 2022
** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in... High Unreviewed
CVE-2015-2908 was published May 17, 2022
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated... High Unreviewed
CVE-2014-5406 was published May 17, 2022
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier,... Moderate Unreviewed
CVE-2014-4883 was published May 17, 2022
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is... Critical Unreviewed
CVE-2019-11235 was published May 24, 2022
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the... High Unreviewed
CVE-2019-3786 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API