GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
824 advisories
Filter by severity
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on...
Moderate
Unreviewed
CVE-2015-5746
was published
May 17, 2022
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
Moderate
Unreviewed
CVE-2022-0405
was published
Apr 4, 2022
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent...
Moderate
Unreviewed
CVE-2021-1515
was published
May 24, 2022
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials....
Moderate
Unreviewed
CVE-2020-25634
was published
May 24, 2022
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1...
Moderate
Unreviewed
CVE-2022-29417
was published
Apr 26, 2022
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when...
Moderate
Unreviewed
CVE-2020-27831
was published
May 24, 2022
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated,...
Moderate
Unreviewed
CVE-2021-1449
was published
May 24, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate
Unreviewed
CVE-2021-24730
was published
Mar 1, 2022
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with...
Moderate
Unreviewed
CVE-2021-24845
was published
Dec 14, 2021
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and...
Moderate
Unreviewed
CVE-2015-3152
was published
May 14, 2022
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a...
Moderate
Unreviewed
CVE-2021-26262
was published
Nov 20, 2021
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior...
Moderate
Unreviewed
CVE-2020-14312
was published
May 24, 2022
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the...
Moderate
Unreviewed
CVE-2021-24238
was published
May 24, 2022
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability...
Moderate
Unreviewed
CVE-2021-24355
was published
May 24, 2022
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x...
Moderate
Unreviewed
CVE-2016-2960
was published
May 17, 2022
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes...
Moderate
Unreviewed
CVE-2016-1474
was published
May 17, 2022
Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0...
Moderate
Unreviewed
CVE-2016-3898
was published
May 17, 2022
A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker...
Moderate
Unreviewed
CVE-2021-1467
was published
May 24, 2022
internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0...
Moderate
Unreviewed
CVE-2016-3883
was published
May 17, 2022
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4...
Moderate
Unreviewed
CVE-2021-24219
was published
May 24, 2022
The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access...
Moderate
Unreviewed
CVE-2021-24584
was published
May 24, 2022
The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require...
Moderate
Unreviewed
CVE-2021-24788
was published
May 24, 2022
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky...
Moderate
Unreviewed
CVE-2016-4304
was published
May 17, 2022
The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check...
Moderate
Unreviewed
CVE-2021-24405
was published
May 24, 2022
server/notification/NotificationManagerService.java in the Notification Manager Service in...
Moderate
Unreviewed
CVE-2016-3884
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API