GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10,532 advisories
An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the...
Low | Unreviewed | CVE-2012-4767 was published Apr 23, 2022

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1...
Low | Unreviewed | CVE-2012-5558 was published Apr 23, 2022

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores...
Low | Unreviewed | CVE-2012-2148 was published Apr 23, 2022

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
Low | Unreviewed | CVE-2012-5562 was published Apr 23, 2022

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in...
Low | Unreviewed | CVE-2012-6655 was published Apr 23, 2022

surf: cookie jar has read access from other local user
Low | Unreviewed | CVE-2012-0842 was published Apr 23, 2022

uzbl: Information disclosure via world-readable cookies storage file
Low | Unreviewed | CVE-2012-0843 was published Apr 23, 2022

ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which...
Low | Unreviewed | CVE-2002-2000 was published Apr 23, 2022

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke...
Low | Unreviewed | CVE-2011-4915 was published Apr 22, 2022

The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain...
Low | Unreviewed | CVE-2011-2343 was published Apr 22, 2022

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php...
Low | Unreviewed | CVE-2011-3595 was published Apr 22, 2022

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow...
Low | Unreviewed | CVE-2011-3585 was published Apr 22, 2022

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ...
Low | Unreviewed | CVE-2011-3352 was published Apr 22, 2022

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are...
Low | Unreviewed | CVE-2011-1488 was published Apr 22, 2022

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4...
Low | Unreviewed | CVE-2011-4629 was published Apr 22, 2022

Openstack nova qcow format could expose host filesystem information
Low | CVE-2011-3147 was published for nova (pip) Apr 22, 2022

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server...
Low | Unreviewed | CVE-2010-3282 was published Apr 21, 2022

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and...
Low | Unreviewed | CVE-2010-3440 was published Apr 21, 2022

mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink...
Low | Unreviewed | CVE-2010-3095 was published Apr 21, 2022

The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them...
Low | Unreviewed | CVE-2010-3292 was published Apr 21, 2022

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain...
Low | Unreviewed | CVE-2010-2473 was published Apr 21, 2022

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version...
Low | Unreviewed | CVE-2010-2472 was published Apr 21, 2022

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of...
Low | Unreviewed | CVE-2010-4178 was published Apr 21, 2022

In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client...
Low | Unreviewed | CVE-2009-3552 was published Apr 21, 2022

liboping 1.3.2 allows users reading arbitrary files upon the local system.
Low | Unreviewed | CVE-2009-3614 was published Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API