Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,000 advisories

Loading
Zope does not properly restrict access to the getRoles method High
CVE-2000-0725 was published for zope (pip) Apr 30, 2022
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long... High Unreviewed
CVE-2001-0781 was published Apr 30, 2022
Zope does not properly verify the access for objects with proxy roles High
CVE-2002-0170 was published for zope (pip) Apr 30, 2022
MoinMoin vulnerable to privilege escalation High
CVE-2008-1937 was published for moin (pip) May 1, 2022
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the... High Unreviewed
CVE-2009-2092 was published May 2, 2022
MoinMoin Improper Access Control vulnerability High
CVE-2009-4762 was published for moin (pip) May 2, 2022
Improper Access Control in pyftpdlib High
CVE-2009-5012 was published for pyftpdlib (pip) May 2, 2022
Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the... High Unreviewed
CVE-2009-5150 was published May 2, 2022
The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter... High Unreviewed
CVE-2009-5151 was published May 2, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
A privilege escalation vulnerability exists in the router configuration import functionality of... High Unreviewed
CVE-2022-21182 was published May 13, 2022
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the... High Unreviewed
CVE-2016-9599 was published May 13, 2022
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not... High Unreviewed
CVE-2016-4979 was published May 13, 2022
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not... High Unreviewed
CVE-2016-5387 was published May 13, 2022
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files... High Unreviewed
CVE-2015-3306 was published May 13, 2022
It was found that system umask policy is not being honored when creating XDG user directories,... High Unreviewed
CVE-2017-15131 was published May 13, 2022
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary... High Unreviewed
CVE-2016-9956 was published May 13, 2022
Improper Access Control in Elasticsearch High
CVE-2019-7611 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec... High Unreviewed
CVE-2016-7032 was published May 13, 2022
slixmpp Incorrect Access Control High
CVE-2019-1000021 was published for slixmpp (pip) May 13, 2022
Improper Access Control in MySQL Connector Python High
CVE-2019-2435 was published for mysql-connector-python (pip) May 13, 2022
HashiCorp Consul Access Restriction Bypass High
CVE-2019-8336 was published for github.com/hashicorp/consul (Go) May 13, 2022
Improper Access Control in Apache Tomcat High
CVE-2016-5388 was published for org.apache.tomcat:tomcat-catalina (Maven) May 13, 2022
sunSUNQ
elog 3.1.1 allows remote attackers to post data as any username in the logbook. High Unreviewed
CVE-2016-6342 was published May 13, 2022
The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to... High Unreviewed
CVE-2014-2277 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database