GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
240 advisories
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an...
Critical | Unreviewed | CVE-2022-2103 was published Jun 25, 2022

The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows...
Critical | Unreviewed | CVE-2015-0150 was published May 24, 2022

The server permits communication without any authentication procedure, allowing the attacker to...
Critical | Unreviewed | CVE-2021-38457 was published May 24, 2022

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
Critical | Unreviewed | CVE-2021-38454 was published May 24, 2022

There is a flaw in the code used to configure the internal gateway firewall when the gateway's...
Critical | Unreviewed | CVE-2020-12030 was published May 24, 2022

An improper access control vulnerability has been reported to affect certain legacy versions of...
Critical | Unreviewed | CVE-2021-28809 was published May 24, 2022

This vulnerability allows remote attackers to execute escalate privileges on affected...
Critical | Unreviewed | CVE-2021-27258 was published May 24, 2022

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress...
Critical | Unreviewed | CVE-2021-24215 was published May 24, 2022

A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and...
Critical | Unreviewed | CVE-2020-7561 was published May 24, 2022

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16,...
Critical | Unreviewed | CVE-2020-10731 was published May 24, 2022

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and...
Critical | Unreviewed | CVE-2019-5644 was published May 24, 2022

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows...
Critical | Unreviewed | CVE-2019-9531 was published May 24, 2022

The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to...
Critical | Unreviewed | CVE-2018-21007 was published May 24, 2022

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based...
Critical | Unreviewed | CVE-2017-18543 was published May 24, 2022

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to...
Critical | Unreviewed | CVE-2019-9884 was published May 24, 2022

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and...
Critical | Unreviewed | CVE-2018-14885 was published May 24, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical | Unreviewed | CVE-2019-2729 was published May 24, 2022

An Insufficient Access Control vulnerability (leading to credential disclosure) in...
Critical | Unreviewed | CVE-2018-17148 was published May 24, 2022

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580,...
Critical | Unreviewed | CVE-2018-7847 was published May 24, 2022

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
Critical | Unreviewed | CVE-2017-5863 was published May 24, 2022

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211...
Critical | Unreviewed | CVE-2016-2275 was published May 17, 2022

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions...
Critical | Unreviewed | CVE-2016-4501 was published May 17, 2022

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier...
Critical | Unreviewed | CVE-2016-5302 was published May 17, 2022

The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random...
Critical | Unreviewed | CVE-2016-0391 was published May 17, 2022

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
Critical | Unreviewed | CVE-2015-1000009 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.