GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,944
Erlang: 29
GitHub Actions: 16
Go: 1,729
Maven: 4,955
npm: 3,489
NuGet: 607
pip: 3,058
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
238,920 advisories
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously...
High | Unreviewed | CVE-2021-40862 was published May 24, 2022

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service...
High | Unreviewed | CVE-2021-22008 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
High | Unreviewed | CVE-2021-40104 was published May 24, 2022

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing....
Moderate | Unreviewed | CVE-2021-21992 was published May 24, 2022

The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4...
High | Unreviewed | CVE-2021-34415 was published May 24, 2022

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots...
High | Unreviewed | CVE-2021-35197 was published May 24, 2022

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to...
Moderate | Unreviewed | CVE-2021-22233 was published May 24, 2022

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept...
Moderate | Unreviewed | CVE-2021-36382 was published May 24, 2022

A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager...
Moderate | Unreviewed | CVE-2021-29152 was published May 24, 2022

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to...
High | Unreviewed | CVE-2021-0594 was published May 24, 2022

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts...
High | Unreviewed | CVE-2021-0603 was published May 24, 2022

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest...
High | Unreviewed | CVE-2021-0602 was published May 24, 2022

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff...
High | Unreviewed | CVE-2020-35524 was published May 24, 2022

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows...
High | Unreviewed | CVE-2020-24994 was published May 24, 2022

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary...
Moderate | Unreviewed | CVE-2016-5253 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2...
Moderate | Unreviewed | CVE-2016-4170 was published May 17, 2022

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x...
Moderate | Unreviewed | CVE-2016-2960 was published May 17, 2022

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...
High | Unreviewed | CVE-2017-0103 was published May 17, 2022

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and...
Moderate | Unreviewed | CVE-2017-0060 was published May 17, 2022

Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote...
High | Unreviewed | CVE-2008-6987 was published May 17, 2022

SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL...
High | Unreviewed | CVE-2008-6837 was published May 17, 2022

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1...
Moderate | Unreviewed | CVE-2017-0112 was published May 17, 2022

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1...
Moderate | Unreviewed | CVE-2017-0092 was published May 17, 2022

ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow,...
Critical | Unreviewed | CVE-2016-7134 was published May 17, 2022

HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a...
Moderate | Unreviewed | CVE-2008-7008 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API