Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security... Critical Unreviewed
CVE-2017-3972 was published May 13, 2022
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an... Critical Unreviewed
CVE-2017-6709 was published May 13, 2022
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON... Critical Unreviewed
CVE-2018-10627 was published May 13, 2022
Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability... Critical Unreviewed
CVE-2018-14822 was published May 13, 2022
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation... Critical Unreviewed
CVE-2018-8919 was published May 13, 2022
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read... Critical Unreviewed
CVE-2018-9852 was published May 13, 2022
An issue existed with autofill resuming after it was canceled. The issue was addressed with... Critical Unreviewed
CVE-2019-6206 was published May 13, 2022
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it... Critical Unreviewed
CVE-2018-20371 was published May 13, 2022
In Vignette Content Management version 6, it is possible to gain remote access to administrator... Critical Unreviewed
CVE-2018-18941 was published May 13, 2022
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI).... Critical Unreviewed
CVE-2019-0040 was published May 13, 2022
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-... Critical Unreviewed
CVE-2017-9788 was published May 13, 2022
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability... Critical Unreviewed
CVE-2017-11435 was published May 13, 2022
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct... Critical Unreviewed
CVE-2018-12634 was published May 13, 2022
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access... Critical Unreviewed
CVE-2017-5158 was published May 13, 2022
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account... Critical Unreviewed
CVE-2018-11741 was published May 13, 2022
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows... Critical Unreviewed
CVE-2018-11653 was published May 13, 2022
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
Credited to macwier, veloek, and dlannoye
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various... Critical Unreviewed
CVE-2021-43938 was published Apr 30, 2022
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended... Critical Unreviewed
CVE-2010-2783 was published Apr 21, 2022
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint... Critical Unreviewed
CVE-2021-3773 was published Feb 17, 2022
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file... Critical Unreviewed
CVE-2021-45420 was published Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor Critical
CVE-2021-32711 was published for shopware/platform (Composer) Sep 8, 2021
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Credited to ohader
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database