GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,036
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,538 advisories
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote...
High | Unreviewed | CVE-2014-4725 was published May 17, 2022

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require...
High | Unreviewed | CVE-2014-2609 was published May 17, 2022

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A...
High | Unreviewed | CVE-2014-1982 was published May 17, 2022

phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information
High | CVE-2010-4481 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server...
High | Unreviewed | CVE-2022-45431 was published Dec 27, 2022

github.com/rancher/steve's users can issue watch commands for arbitrary resources
High | CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass...
High | Unreviewed | CVE-2013-4784 was published May 17, 2022

The Supermicro BMC implementation allows remote attackers to bypass authentication and execute...
High | Unreviewed | CVE-2013-4782 was published May 17, 2022

The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does...
High | Unreviewed | CVE-2013-1080 was published May 17, 2022

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through...
High | Unreviewed | CVE-2012-5975 was published May 17, 2022

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS...
High | Unreviewed | CVE-2012-2562 was published May 17, 2022

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which...
High | Unreviewed | CVE-2009-0695 was published May 2, 2022

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which...
High | Unreviewed | CVE-2011-3620 was published May 17, 2022

AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie...
High | Unreviewed | CVE-2012-1840 was published May 14, 2022

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable...
High | Unreviewed | CVE-2011-4644 was published May 17, 2022

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite...
High | Unreviewed | CVE-2011-3478 was published May 14, 2022

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and...
High | Unreviewed | CVE-2011-4051 was published May 17, 2022

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters...
High | Unreviewed | CVE-2010-4478 was published May 17, 2022

The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the...
High | Unreviewed | CVE-2010-4279 was published May 14, 2022

Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication...
High | Unreviewed | CVE-2010-4333 was published May 14, 2022

Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and...
High | Unreviewed | CVE-2010-4332 was published May 14, 2022

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build...
High | Unreviewed | CVE-2010-0833 was published May 2, 2022

Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass...
High | Unreviewed | CVE-2009-4830 was published May 2, 2022

There is a difficult to exploit improper authentication issue in the Home application for Esri...
High | Unreviewed | CVE-2024-25699 was published Apr 4, 2024

The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control...
High | Unreviewed | CVE-2022-47976 was published Jan 6, 2023

ProTip! Advisories are also available from the GraphQL API.