GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
514 advisories
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The...
Moderate | Unreviewed | CVE-2021-33845 was published May 7, 2022

Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
High | CVE-2007-6721 was published for bouncycastle:bcprov-jdk14 (Maven) May 1, 2022

The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet...
Moderate | Unreviewed | CVE-2005-0918 was published May 1, 2022

The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which...
Moderate | Unreviewed | CVE-2004-2252 was published Apr 29, 2022

Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and...
Moderate | Unreviewed | CVE-2004-2150 was published Apr 29, 2022

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given...
Moderate | Unreviewed | CVE-2004-1602 was published Apr 29, 2022

ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of...
Moderate | Unreviewed | CVE-2004-1428 was published Apr 29, 2022

Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a...
Moderate | Unreviewed | CVE-2003-0637 was published Apr 29, 2022

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an...
Moderate | Unreviewed | CVE-2003-0190 was published Apr 29, 2022

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local...
Moderate | Unreviewed | CVE-2022-1318 was published Apr 21, 2022

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due...
Moderate | Unreviewed | CVE-2022-22356 was published Apr 6, 2022

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate | Unreviewed | CVE-2021-39744 was published Mar 31, 2022

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate | Unreviewed | CVE-2021-39745 was published Mar 31, 2022

In ContextImpl, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39754 was published Mar 31, 2022

In Framework, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39756 was published Mar 31, 2022

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package...
Moderate | Unreviewed | CVE-2021-39755 was published Mar 31, 2022

In Media, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39761 was published Mar 31, 2022

In Settings, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39766 was published Mar 31, 2022

In AudioService, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39760 was published Mar 31, 2022

In People, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39775 was published Mar 31, 2022

In VpnManagerService, there is a possible disclosure of installed VPN packages due to side...
Moderate | Unreviewed | CVE-2021-39773 was published Mar 31, 2022

In TelecomManager, there is a possible way to check if a particular self managed phone account...
Moderate | Unreviewed | CVE-2021-39788 was published Mar 31, 2022

In WallpaperManagerService, there is a possible way to determine whether an app is installed,...
Moderate | Unreviewed | CVE-2021-39791 was published Mar 31, 2022

Discoverability of user password hash in Statamic CMS
Low | CVE-2022-24784 was published for statamic/cms (Composer) Mar 29, 2022

Symfony Http-Kernel has non-constant time comparison in UriSigner
High | CVE-2019-18887 was published for symfony/http-kernel (Composer) Mar 26, 2022
ProTip! Advisories are also available from the GraphQL API.