GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,052 advisories
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from...
Moderate | Unreviewed | CVE-2009-0049 was published May 2, 2022

OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL...
Moderate | Unreviewed | CVE-2009-0048 was published May 2, 2022

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL...
Moderate | Unreviewed | CVE-2009-0046 was published May 2, 2022

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal...
Moderate | Unreviewed | CVE-2009-0047 was published May 2, 2022

A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all...
Moderate | Unreviewed | CVE-2009-0030 was published May 2, 2022

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the...
Moderate | Unreviewed | CVE-2009-0025 was published May 2, 2022

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from...
Moderate | Unreviewed | CVE-2009-0021 was published May 2, 2022

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote...
Moderate | Unreviewed | CVE-2008-4319 was published May 2, 2022

useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative...
Moderate | Unreviewed | CVE-2008-4167 was published May 2, 2022

Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a...
Moderate | Unreviewed | CVE-2008-4146 was published May 2, 2022

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9...
Moderate | Unreviewed | CVE-2008-3905 was published May 2, 2022

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security...
Moderate | Unreviewed | CVE-2008-3866 was published May 2, 2022

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x...
Moderate | Unreviewed | CVE-2008-3814 was published May 2, 2022

Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX...
Moderate | Unreviewed | CVE-2008-3815 was published May 2, 2022

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to...
Moderate | Unreviewed | CVE-2008-3738 was published May 2, 2022

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a...
Moderate | Unreviewed | CVE-2008-3611 was published May 2, 2022

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration...
Moderate | Unreviewed | CVE-2008-3503 was published May 2, 2022

Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web...
Moderate | Unreviewed | CVE-2008-3428 was published May 2, 2022

Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service...
Moderate | Unreviewed | CVE-2008-3425 was published May 2, 2022

phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under...
Moderate | Unreviewed | CVE-2008-3407 was published May 1, 2022

constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain...
Moderate | Unreviewed | CVE-2008-3292 was published May 1, 2022

Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers...
Moderate | Unreviewed | CVE-2008-2879 was published May 1, 2022

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications...
Moderate | Unreviewed | CVE-2008-2730 was published May 1, 2022

BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2)...
Moderate | Unreviewed | CVE-2008-2524 was published May 1, 2022

pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator...
Moderate | Unreviewed | CVE-2008-2516 was published May 1, 2022
ProTip! Advisories are also available from the GraphQL API.