GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,874 advisories
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
High | Unreviewed | CVE-2016-10811 was published May 24, 2022

In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process ...
High | Unreviewed | CVE-2016-10810 was published May 24, 2022

In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process ...
High | Unreviewed | CVE-2016-10809 was published May 24, 2022

cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).
High | Unreviewed | CVE-2016-10790 was published May 24, 2022

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to...
High | Unreviewed | CVE-2019-3800 was published May 24, 2022

Magento 2 Community Edition Information Leak
High | CVE-2019-7951 was published for magento/community-edition (Composer) May 24, 2022

In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
High | Unreviewed | CVE-2017-18432 was published May 24, 2022

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the...
High | Unreviewed | CVE-2019-14399 was published May 24, 2022

Exposure of Sensitive Information in Apache Storm Logviewer
High | CVE-2019-0202 was published for org.apache.storm:storm-core (Maven) May 24, 2022

Clients hostname gets added to DNS record on device which is running dnsmasq resulting in an...
High | Unreviewed | CVE-2018-13897 was published May 24, 2022

A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for...
High | Unreviewed | CVE-2019-14205 was published May 24, 2022

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail,...
High | Unreviewed | CVE-2019-8931 was published May 24, 2022

An information disclosure vulnerability leading to a potential local escalation of privilege in...
High | Unreviewed | CVE-2019-8998 was published May 24, 2022

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters....
High | Unreviewed | CVE-2019-4193 was published May 24, 2022

Wikimedia information leak vulnerability
High | CVE-2019-12474 was published for mediawiki/core (Composer) May 24, 2022

In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a...
High | Unreviewed | CVE-2019-13338 was published May 24, 2022

Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to...
High | Unreviewed | CVE-2018-14529 was published May 24, 2022

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because...
High | Unreviewed | CVE-2019-13313 was published May 24, 2022

virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because...
High | Unreviewed | CVE-2019-13314 was published May 24, 2022

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to...
High | Unreviewed | CVE-2019-4140 was published May 24, 2022

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being...
High | Unreviewed | CVE-2019-11233 was published May 24, 2022

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL...
High | Unreviewed | CVE-2017-8337 was published May 24, 2022

app/operator_panel/index_inc.php in the Operator Panel module in FreePBX 4.4.3 suffers from an...
High | Unreviewed | CVE-2019-11407 was published May 24, 2022

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the...
High | Unreviewed | CVE-2019-1019 was published May 24, 2022

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak...
High | Unreviewed | CVE-2019-3411 was published May 24, 2022