Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,065 advisories

Loading
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10... Moderate Unreviewed
CVE-2017-2497 was published May 17, 2022
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an... Moderate Unreviewed
CVE-2017-1223 was published May 17, 2022
In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. Moderate Unreviewed
CVE-2022-23078 was published Jun 23, 2022
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing... Moderate Unreviewed
CVE-2017-9464 was published May 17, 2022
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an... Moderate Unreviewed
CVE-2017-1287 was published May 17, 2022
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to... Moderate Unreviewed
CVE-2017-11586 was published May 17, 2022
If the user enables the https function on the device, an attacker can modify the user’s request... Moderate Unreviewed
CVE-2022-30562 was published Jun 29, 2022
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing... Moderate Unreviewed
CVE-2016-8953 was published May 17, 2022
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated,... Moderate Unreviewed
CVE-2017-3799 was published May 17, 2022
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated,... Moderate Unreviewed
CVE-2017-3810 was published May 17, 2022
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow... Moderate Unreviewed
CVE-2017-3840 was published May 17, 2022
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that... Moderate Unreviewed
CVE-2022-29272 was published Jun 30, 2022
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software... Moderate Unreviewed
CVE-2017-6604 was published May 17, 2022
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open... Moderate Unreviewed
CVE-2017-5002 was published May 17, 2022
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing... Moderate Unreviewed
CVE-2016-8947 was published May 17, 2022
An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can... Moderate Unreviewed
CVE-2022-32444 was published Jun 18, 2022
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php... Moderate Unreviewed
CVE-2017-12138 was published May 17, 2022
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. Moderate Unreviewed
CVE-2017-11718 was published May 17, 2022
Apache Helix UI vulnerable to Open Redirect Moderate
CVE-2022-47500 was published for org.apache.helix:helix (Maven) Dec 19, 2022
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an... Moderate Unreviewed
CVE-2022-41258 was published Nov 9, 2022
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended... Moderate Unreviewed
CVE-2020-1927 was published May 24, 2022
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input... Moderate Unreviewed
CVE-2022-41260 was published Nov 9, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an... Moderate Unreviewed
CVE-2022-41208 was published Nov 9, 2022
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host... Moderate Unreviewed
CVE-2022-23237 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database