GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
130 advisories
Manually dragging and dropping an Outlook email message into the browser will trigger a page...
Moderate | Unreviewed | CVE-2018-12381 was published May 13, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be...
Moderate | Unreviewed | CVE-2017-15269 was published May 13, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,...
Moderate | Unreviewed | CVE-2017-0211 was published May 13, 2022
An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below,...
High | Unreviewed | CVE-2021-43066 was published May 12, 2022
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified...
High | Unreviewed | CVE-2022-20789 was published Apr 22, 2022
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to...
Moderate | Unreviewed | CVE-2021-39765 was published Mar 31, 2022
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could...
High | Unreviewed | CVE-2021-39787 was published Mar 31, 2022
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to...
High | Unreviewed | CVE-2021-39703 was published Mar 17, 2022
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call...
High | Unreviewed | CVE-2021-39707 was published Mar 17, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate | Unreviewed | CVE-2022-0377 was published Mar 1, 2022
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a...
High | Unreviewed | CVE-2021-39663 was published Feb 12, 2022
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused...
High | Unreviewed | CVE-2021-39668 was published Feb 12, 2022
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to...
High | Unreviewed | CVE-2021-1035 was published Jan 15, 2022
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due...
High | Unreviewed | CVE-2021-39626 was published Jan 15, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path
High | Unreviewed | CVE-2021-3845 was published Jan 5, 2022
Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful...
Moderate | Unreviewed | CVE-2021-37112 was published Jan 4, 2022
Password vault has an External Control of System or Configuration Setting vulnerability. Successful...
High | Unreviewed | CVE-2021-39971 was published Jan 4, 2022
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to...
High | Unreviewed | CVE-2021-1003 was published Dec 16, 2021
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path...
Critical | Unreviewed | CVE-2021-44041 was published Dec 15, 2021
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary...
Critical | Unreviewed | CVE-2021-20042 was published Dec 9, 2021
An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and...
Moderate | Unreviewed | CVE-2021-36190 was published Dec 9, 2021
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master...
Critical | Unreviewed | CVE-2021-43685 was published Dec 2, 2021
Confused Deputy in Kubernetes
Low | CVE-2021-25740 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Confused Deputy in Kubernetes
Moderate | CVE-2020-8561 was published for k8s.io/kubernetes (Go) Sep 21, 2021
ExternalName Services can be used to gain access to Envoy's admin interface
High | CVE-2021-32783 was published for github.com/projectcontour/contour (Go) Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API.