GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,218
Erlang: 31
GitHub Actions: 19
Go: 1,988
Maven: 5,000+
npm: 3,704
NuGet: 661
pip: 3,332
Pub: 11
RubyGems: 884
Rust: 845
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
329 advisories
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript...
Moderate | Unreviewed | CVE-2014-10391 was published May 17, 2022
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
Moderate | Unreviewed | CVE-2014-10386 was published May 17, 2022
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the...
Moderate | Unreviewed | CVE-2015-0931 was published May 17, 2022
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1...
Moderate | Unreviewed | CVE-2015-0169 was published May 17, 2022
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM...
Moderate | Unreviewed | CVE-2015-7466 was published May 17, 2022
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in...
Moderate | Unreviewed | CVE-2013-6501 was published May 17, 2022
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf...
Moderate | Unreviewed | CVE-2015-2704 was published May 17, 2022
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie...
Moderate | Unreviewed | CVE-2015-5841 was published May 17, 2022
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users...
Moderate | Unreviewed | CVE-2016-0881 was published May 17, 2022
Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not...
Moderate | Unreviewed | CVE-2017-0154 was published May 17, 2022
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site...
Moderate | Unreviewed | CVE-2016-2980 was published May 17, 2022
The key-management component in Symantec PGP Universal Server and Encryption Management Server...
Moderate | Unreviewed | CVE-2014-7287 was published May 17, 2022
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX,...
Moderate | Unreviewed | CVE-2014-8910 was published May 17, 2022
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users...
Moderate | Unreviewed | CVE-2016-3695 was published May 14, 2022
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code...
Moderate | Unreviewed | CVE-2013-4578 was published May 14, 2022
In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on...
Moderate | Unreviewed | CVE-2017-10963 was published May 14, 2022
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10...
Moderate | Unreviewed | CVE-2018-4235 was published May 14, 2022
RSS fields can inject new lines into the created email structure, modifying the message body....
Moderate | Unreviewed | CVE-2017-7848 was published May 14, 2022
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and...
Moderate | Unreviewed | CVE-2016-5701 was published May 14, 2022
Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.
Moderate | Unreviewed | CVE-2018-18207 was published May 14, 2022
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit...
Moderate | Unreviewed | CVE-2019-7351 was published May 14, 2022
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated...
Moderate | Unreviewed | CVE-2015-3013 was published May 14, 2022
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
Moderate | Unreviewed | CVE-2018-16627 was published May 14, 2022
An injection issue was addressed with improved validation. This issue affected versions prior to...
Moderate | Unreviewed | CVE-2018-4153 was published May 14, 2022
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject...
Moderate | Unreviewed | CVE-2015-5462 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.