Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
Manually dragging and dropping an Outlook email message into the browser will trigger a page... Moderate Unreviewed
CVE-2018-12381 was published May 13, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be... Moderate Unreviewed
CVE-2017-15269 was published May 13, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,... Moderate Unreviewed
CVE-2017-0211 was published May 13, 2022
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below,... High Unreviewed
CVE-2021-43066 was published May 12, 2022
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified... High Unreviewed
CVE-2022-20789 was published Apr 22, 2022
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to... Moderate Unreviewed
CVE-2021-39765 was published Mar 31, 2022
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could... High Unreviewed
CVE-2021-39787 was published Mar 31, 2022
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to... High Unreviewed
CVE-2021-39703 was published Mar 17, 2022
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call... High Unreviewed
CVE-2021-39707 was published Mar 17, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a... High Unreviewed
CVE-2021-39663 was published Feb 12, 2022
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused... High Unreviewed
CVE-2021-39668 was published Feb 12, 2022
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to... High Unreviewed
CVE-2021-1035 was published Jan 15, 2022
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due... High Unreviewed
CVE-2021-39626 was published Jan 15, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path High Unreviewed
CVE-2021-3845 was published Jan 5, 2022
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful... Moderate Unreviewed
CVE-2021-37112 was published Jan 4, 2022
Password vault has a External Control of System or Configuration Setting vulnerability.Successful... High Unreviewed
CVE-2021-39971 was published Jan 4, 2022
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to... High Unreviewed
CVE-2021-1003 was published Dec 16, 2021
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path... Critical Unreviewed
CVE-2021-44041 was published Dec 15, 2021
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary... Critical Unreviewed
CVE-2021-20042 was published Dec 9, 2021
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and... Moderate Unreviewed
CVE-2021-36190 was published Dec 9, 2021
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master... Critical Unreviewed
CVE-2021-43685 was published Dec 2, 2021
Confused Deputy in Kubernetes Low
CVE-2021-25740 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Confused Deputy in Kubernetes Moderate
CVE-2020-8561 was published for k8s.io/kubernetes (Go) Sep 21, 2021
ExternalName Services can be used to gain access to Envoy's admin interface High
CVE-2021-32783 was published for github.com/projectcontour/contour (Go) Aug 30, 2021
josh-ferrell
ProTip! Advisories are also available from the GraphQL API