GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
915 advisories
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC)...
Critical | Unreviewed | CVE-2020-3470 was published May 24, 2022
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to...
Critical | Unreviewed | CVE-2020-27125 was published May 24, 2022
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Critical | CVE-2020-25592 was published for salt (pip) May 24, 2022
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines...
Critical | Unreviewed | CVE-2020-28037 was published May 24, 2022
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization...
Critical | Unreviewed | CVE-2020-27159 was published May 24, 2022
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of...
Critical | Unreviewed | CVE-2020-25765 was published May 24, 2022
Multiple memory corruption issues were addressed with improved input validation. This issue is...
Critical | Unreviewed | CVE-2019-8756 was published May 24, 2022
Multiple memory corruption issues were addressed with improved input validation. This issue is...
Critical | Unreviewed | CVE-2019-8749 was published May 24, 2022
A validation issue existed in Trust Anchor Management. This issue was addressed with improved...
Critical | Unreviewed | CVE-2019-8531 was published May 24, 2022
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary...
Critical | Unreviewed | CVE-2018-19949 was published May 24, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in...
Critical | Unreviewed | CVE-2020-9906 was published May 24, 2022
A remote accessmgrservlet classname input validation code execution vulnerability was discovered...
Critical | Unreviewed | CVE-2020-24647 was published May 24, 2022
A remote bytemessageresource transformentity input validation code execution vulnerability was...
Critical | Unreviewed | CVE-2020-24649 was published May 24, 2022
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is...
Critical | Unreviewed | CVE-2020-15374 was published May 24, 2022
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.20 Take 160,...
Critical | Unreviewed | CVE-2020-6020 was published May 24, 2022
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS...
Critical | Unreviewed | CVE-2020-3426 was published May 24, 2022
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all...
Critical | Unreviewed | CVE-2020-25787 was published May 24, 2022
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before...
Critical | Unreviewed | CVE-2020-24753 was published May 24, 2022
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter...
Critical | Unreviewed | CVE-2020-11698 was published May 24, 2022
A DNS rebinding vulnerability in Freebox HD before 1.5.29.
Critical | Unreviewed | CVE-2020-24374 was published May 24, 2022
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox Server before 4.2.3.
Critical | Unreviewed | CVE-2020-24376 was published May 24, 2022
A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.
Critical | Unreviewed | CVE-2020-24377 was published May 24, 2022
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Critical | CVE-2020-7704 was published for linux-cmdline (npm) May 24, 2022
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
Critical | Unreviewed | CVE-2020-5537 was published May 24, 2022
SaltStack Salt Unauthenticated Remote Code Execution
Critical | CVE-2020-11651 was published for salt (pip) May 24, 2022