Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

351 advisories

Loading
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the... High Unreviewed
CVE-2019-3786 was published May 24, 2022
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is... Critical Unreviewed
CVE-2019-11235 was published May 24, 2022
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier,... Moderate Unreviewed
CVE-2014-4883 was published May 17, 2022
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated... High Unreviewed
CVE-2014-5406 was published May 17, 2022
** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in... High Unreviewed
CVE-2015-2908 was published May 17, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity... Moderate Unreviewed
CVE-2015-8254 was published May 17, 2022
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass... High Unreviewed
CVE-2016-3983 was published May 17, 2022
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates... High Unreviewed
CVE-2016-2346 was published May 17, 2022
Drupal Incorrect cache context on password reset page High
CVE-2016-9450 was published for drupal/core (Composer) May 17, 2022
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and... High Unreviewed
CVE-2014-4936 was published May 17, 2022
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to... High Unreviewed
CVE-2016-2309 was published May 17, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep... High Unreviewed
CVE-2017-11379 was published May 17, 2022
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and... High Unreviewed
CVE-2014-2718 was published May 17, 2022
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for... Moderate Unreviewed
CVE-2015-9232 was published May 17, 2022
Insufficient Data Verification in io.really:jwt-scala Moderate
CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker... Moderate Unreviewed
CVE-2017-2701 was published May 17, 2022
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific... High Unreviewed
CVE-2017-14091 was published May 14, 2022
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module... High Unreviewed
CVE-2014-8165 was published May 14, 2022
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle... Moderate Unreviewed
CVE-2017-1773 was published May 14, 2022
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings... High Unreviewed
CVE-2018-10080 was published May 14, 2022
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer... High Unreviewed
CVE-2015-4674 was published May 14, 2022
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it... High Unreviewed
CVE-2016-1493 was published May 14, 2022
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote... Moderate Unreviewed
CVE-2015-0251 was published May 14, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity Moderate
CVE-2015-0259 was published for nova (pip) May 14, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat Moderate
CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607 sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database