Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

175 advisories

Loading
Vulnerability of incomplete read and write permission verification in the GPU module. Successful... Critical Unreviewed
CVE-2021-46891 was published Jul 5, 2023
Key management vulnerability on system. Successful exploitation of this vulnerability may affect... Critical Unreviewed
CVE-2023-3455 was published Jul 5, 2023
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM... Critical Unreviewed
CVE-2023-32113 was published May 9, 2023
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend Critical
CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023
milo526
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to... Critical Unreviewed
CVE-2023-0321 was published Jan 26, 2023
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (... Critical Unreviewed
CVE-2022-32221 was published Dec 6, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not... Critical Unreviewed
CVE-2021-3688 was published Aug 27, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
The sensitive information of webcam device is not properly protected. Remote attackers can... Critical Unreviewed
CVE-2021-30168 was published May 24, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive... Critical Unreviewed
CVE-2015-0152 was published May 24, 2022
admin/user_import.php in Chamilo 1.11.14 reads XML data without disabling the ability to load... Critical Unreviewed
CVE-2021-32925 was published May 24, 2022
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an... Critical Unreviewed
CVE-2020-28199 was published May 24, 2022
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during... Critical Unreviewed
CVE-2020-25179 was published May 24, 2022
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile... Critical Unreviewed
CVE-2020-27134 was published May 24, 2022
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take... Critical Unreviewed
CVE-2020-26167 was published May 24, 2022
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015... Critical Unreviewed
CVE-2020-27183 was published May 24, 2022
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect... Critical Unreviewed
CVE-2019-18823 was published May 24, 2022
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a... Critical Unreviewed
CVE-2019-15859 was published May 24, 2022
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer... Critical Unreviewed
CVE-2019-6177 was published May 24, 2022
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon... Critical Unreviewed
CVE-2019-2254 was published May 24, 2022
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4.... Critical Unreviewed
CVE-2019-11991 was published May 24, 2022
Openstack Magnum Unsafe Credential Handling Critical
CVE-2016-7404 was published for openstack-magnum (pip) May 24, 2022
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module... Critical Unreviewed
CVE-2019-5016 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API