GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,286
Erlang: 31
GitHub Actions: 21
Go: 2,058
Maven: 5,000+
npm: 3,742
NuGet: 668
pip: 3,423
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
11,273 advisories
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that...
Low | Unreviewed | CVE-2013-5169 was published May 17, 2022
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows...
Low | Unreviewed | CVE-2012-0827 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated...
Low | Unreviewed | CVE-2013-3920 was published May 17, 2022
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry...
Low | Unreviewed | CVE-2013-5856 was published May 17, 2022
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry...
Low | Unreviewed | CVE-2013-5857 was published May 17, 2022
gypsy 0.8 does not properly restrict the files that can be read while running with root...
Low | Unreviewed | CVE-2011-0523 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2,...
Low | Unreviewed | CVE-2013-6912 was published May 17, 2022
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the...
Low | Unreviewed | CVE-2020-13285 was published May 24, 2022
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows...
Low | Unreviewed | CVE-2013-5218 was published May 17, 2022
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it...
Low | Unreviewed | CVE-2013-5037 was published May 17, 2022
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2)...
Low | Unreviewed | CVE-2013-4452 was published May 17, 2022
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0...
Low | Unreviewed | CVE-2013-4505 was published May 17, 2022
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read...
Low | Unreviewed | CVE-2013-3617 was published May 17, 2022
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not...
Low | Unreviewed | CVE-2013-2635 was published May 17, 2022
Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml,...
Low | Unreviewed | CVE-2013-1069 was published May 17, 2022
Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote...
Low | Unreviewed | CVE-2013-5219 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated...
Low | Unreviewed | CVE-2011-5269 was published May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote...
Low | Unreviewed | CVE-2013-5222 was published May 17, 2022
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the...
Low | Unreviewed | CVE-2013-1922 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2...
Low | Unreviewed | CVE-2013-6914 was published May 17, 2022
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry...
Low | Unreviewed | CVE-2013-5811 was published May 17, 2022
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to...
Low | Unreviewed | CVE-2013-1566 was published May 17, 2022
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2...
Low | Unreviewed | CVE-2013-2096 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon...
Low | Unreviewed | CVE-2013-6915 was published May 17, 2022
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled,...
Low | Unreviewed | CVE-2013-5183 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.