GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,274
  Erlang: 31
  GitHub Actions: 21
  Go: 2,056
  Maven: 5,000+
  npm: 3,740
  NuGet: 668
  pip: 3,419
  Pub: 12
  RubyGems: 891
  Rust: 872
  Swift: 36
Unreviewed advisories
  All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10,056 advisories
surf: cookie jar has read access from other local user
  Low | Unreviewed | CVE-2012-0842 was published Apr 23, 2022
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which...
  Low | Unreviewed | CVE-2002-2000 was published Apr 23, 2022
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke...
  Low | Unreviewed | CVE-2011-4915 was published Apr 22, 2022
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain...
  Low | Unreviewed | CVE-2011-2343 was published Apr 22, 2022
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php...
  Low | Unreviewed | CVE-2011-3595 was published Apr 22, 2022
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow...
  Low | Unreviewed | CVE-2011-3585 was published Apr 22, 2022
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ...
  Low | Unreviewed | CVE-2011-3352 was published Apr 22, 2022
A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are...
  Low | Unreviewed | CVE-2011-1488 was published Apr 22, 2022
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4...
  Low | Unreviewed | CVE-2011-4629 was published Apr 22, 2022
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server...
  Low | Unreviewed | CVE-2010-3282 was published Apr 21, 2022
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and...
  Low | Unreviewed | CVE-2010-3440 was published Apr 21, 2022
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them...
  Low | Unreviewed | CVE-2010-3292 was published Apr 21, 2022
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink...
  Low | Unreviewed | CVE-2010-3095 was published Apr 21, 2022
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain...
  Low | Unreviewed | CVE-2010-2473 was published Apr 21, 2022
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version...
  Low | Unreviewed | CVE-2010-2472 was published Apr 21, 2022
MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of...
  Low | Unreviewed | CVE-2010-4178 was published Apr 21, 2022
liboping 1.3.2 allows users reading arbitrary files upon the local system.
  Low | Unreviewed | CVE-2009-3614 was published Apr 21, 2022
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client...
  Low | Unreviewed | CVE-2009-3552 was published Apr 21, 2022
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a...
  Low | Unreviewed | CVE-2009-0035 was published Apr 21, 2022
In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without...
  Low | Unreviewed | CVE-2007-3732 was published Apr 21, 2022
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication...
  Low | Unreviewed | CVE-2006-7246 was published Apr 21, 2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions...
  Low | Unreviewed | CVE-2022-21423 was published Apr 20, 2022
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...
  Low | Unreviewed | CVE-2022-21443 was published Apr 20, 2022
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The...
  Low | Unreviewed | CVE-2022-21487 was published Apr 20, 2022
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The...
  Low | Unreviewed | CVE-2022-21488 was published Apr 20, 2022
ProTip! Advisories are also available from the GraphQL API.