GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,748
Erlang: 35
GitHub Actions: 29
Go: 2,321
Maven: 5,000+
npm: 3,955
NuGet: 712
pip: 3,736
Pub: 12
RubyGems: 921
Rust: 972
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
280,694 advisories
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
High | Unreviewed | CVE-2015-5183 was published May 13, 2022

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software...
High | Unreviewed | CVE-2017-9956 was published May 17, 2022

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1...
Critical | Unreviewed | CVE-2017-7973 was published May 17, 2022

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider...
High | Unreviewed | CVE-2017-7969 was published May 17, 2022

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK)...
Moderate | Unreviewed | CVE-2017-13078 was published May 13, 2022

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK)...
Moderate | Unreviewed | CVE-2017-13077 was published May 13, 2022

SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows...
Critical | Unreviewed | CVE-2014-8621 was published May 17, 2022

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to...
High | Unreviewed | CVE-2015-4669 was published May 14, 2022

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link...
Moderate | Unreviewed | CVE-2017-14718 was published May 17, 2022

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted...
Moderate | Unreviewed | CVE-2017-14721 was published May 17, 2022

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view...
Moderate | Unreviewed | CVE-2017-14720 was published May 17, 2022

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
Moderate | Unreviewed | CVE-2017-14712 was published May 17, 2022

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute...
High | Unreviewed | CVE-2017-14627 was published May 14, 2022

Multiple hardcoded credentials in Xsuite 2.x.
Critical | Unreviewed | CVE-2015-4667 was published May 14, 2022

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as...
High | Unreviewed | CVE-2017-14729 was published May 17, 2022

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
Moderate | Unreviewed | CVE-2017-14717 was published May 17, 2022

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time...
High | Unreviewed | CVE-2017-14727 was published May 17, 2022

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect...
Moderate | Unreviewed | CVE-2015-4668 was published May 14, 2022

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip...
High | Unreviewed | CVE-2017-14719 was published May 17, 2022

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component...
High | Unreviewed | CVE-2017-14722 was published May 17, 2022

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in...
Moderate | Unreviewed | CVE-2017-14726 was published May 17, 2022

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Moderate | Unreviewed | CVE-2017-14724 was published May 17, 2022

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag...
Moderate | Unreviewed | CVE-2017-14725 was published May 17, 2022

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in ...
Critical | Unreviewed | CVE-2017-14723 was published May 17, 2022

GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial...
High | Unreviewed | CVE-2017-14682 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.