GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,482 advisories
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript...
Moderate | Unreviewed | CVE-2014-10391 was published May 17, 2022

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
Moderate | Unreviewed | CVE-2014-10394 was published May 17, 2022

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
Moderate | Unreviewed | CVE-2014-10386 was published May 17, 2022

Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote...
High | Unreviewed | CVE-2014-8423 was published May 17, 2022

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to...
High | Unreviewed | CVE-2015-1169 was published May 17, 2022

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the...
Moderate | Unreviewed | CVE-2015-0931 was published May 17, 2022

IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1...
Moderate | Unreviewed | CVE-2015-0169 was published May 17, 2022

Joomla! Framework Remote Code Injection Vulnerability
High | CVE-2015-8566 was published for joomla/session (Composer) May 17, 2022

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM...
Moderate | Unreviewed | CVE-2015-7466 was published May 17, 2022

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0...
Low | Unreviewed | CVE-2015-0116 was published May 17, 2022

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in...
Moderate | Unreviewed | CVE-2013-6501 was published May 17, 2022

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain...
High | Unreviewed | CVE-2016-5685 was published May 17, 2022

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf...
Moderate | Unreviewed | CVE-2015-2704 was published May 17, 2022

libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes...
High | Unreviewed | CVE-2015-3205 was published May 17, 2022

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows...
High | Unreviewed | CVE-2016-2204 was published May 17, 2022

Radicale regex metacharacters injection in the user name
Moderate | CVE-2015-8748 was published for Radicale (pip) May 17, 2022

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie...
Moderate | Unreviewed | CVE-2015-5841 was published May 17, 2022

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a...
High | Unreviewed | CVE-2015-3200 was published May 17, 2022

A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1...
High | Unreviewed | CVE-2016-6754 was published May 17, 2022

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users...
Moderate | Unreviewed | CVE-2016-0881 was published May 17, 2022

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL...
High | Unreviewed | CVE-2017-5585 was published May 17, 2022

CodeIgniter arbitrary code execution
Critical | CVE-2016-10131 was published for codeigniter4/framework (Composer) May 17, 2022

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify...
High | Unreviewed | CVE-2015-8258 was published May 17, 2022

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0...
Critical | Unreviewed | CVE-2016-1155 was published May 17, 2022

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of...
High | Unreviewed | CVE-2017-2140 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.