GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
285 advisories
F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1...
Critical | Unreviewed | CVE-2016-5745 was published May 17, 2022

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before...
Critical | Unreviewed | CVE-2016-5700 was published May 17, 2022

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and...
Critical | Unreviewed | CVE-2016-5580 was published May 17, 2022

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply...
Critical | Unreviewed | CVE-2016-5599 was published May 17, 2022

The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows...
Critical | Unreviewed | CVE-2016-4373 was published May 17, 2022

Open proxy in WordPress plugin google-adsense-and-hotel-booking v1.05
Critical | Unreviewed | CVE-2015-1000009 was published May 17, 2022

The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random...
Critical | Unreviewed | CVE-2016-0391 was published May 17, 2022

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier...
Critical | Unreviewed | CVE-2016-5302 was published May 17, 2022

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions...
Critical | Unreviewed | CVE-2016-4501 was published May 17, 2022

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211...
Critical | Unreviewed | CVE-2016-2275 was published May 17, 2022

Access control bypass in beego
Critical | CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
Critical | Unreviewed | CVE-2017-5863 was published May 24, 2022

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580,...
Critical | Unreviewed | CVE-2018-7847 was published May 24, 2022

Symfony Incorrect Access Control
Critical | CVE-2017-11365 was published for symfony/security (Composer) May 24, 2022

An Insufficient Access Control vulnerability (leading to credential disclosure) in...
Critical | Unreviewed | CVE-2018-17148 was published May 24, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2019-2729 was published May 24, 2022

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and...
Critical | Unreviewed | CVE-2018-14885 was published May 24, 2022

Wikimedia MediaWiki Incorrect Access Control vulnerability
Critical | CVE-2019-12468 was published for mediawiki/core (Composer) May 24, 2022

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to...
Critical | Unreviewed | CVE-2019-9884 was published May 24, 2022

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based...
Critical | Unreviewed | CVE-2017-18543 was published May 24, 2022

The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to...
Critical | Unreviewed | CVE-2018-21007 was published May 24, 2022

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows...
Critical | Unreviewed | CVE-2019-9531 was published May 24, 2022

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and...
Critical | Unreviewed | CVE-2019-5644 was published May 24, 2022

Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical | CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16,...
Critical | Unreviewed | CVE-2020-10731 was published May 24, 2022