Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

194 advisories

Loading
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
Credential leak in org.apache.directory.api:apache-ldap-api Critical
CVE-2018-1337 was published for org.apache.directory.api:apache-ldap-api (Maven) Nov 9, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
Exposure of Sensitive Information in Hadoop Critical
CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Airbrake keys not being filtered Critical
CVE-2019-16060 was published for airbrake-ruby (RubyGems) Sep 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in AEgir Critical
CVE-2020-11059 was published for aegir (npm) May 27, 2020
tdunlap607
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Exposure of Sensitive Information to an Unauthorized Actor Critical
CVE-2021-32711 was published for shopware/platform (Composer) Sep 8, 2021
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file... Critical Unreviewed
CVE-2021-45420 was published Feb 15, 2022
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint... Critical Unreviewed
CVE-2021-3773 was published Feb 17, 2022
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended... Critical Unreviewed
CVE-2010-2783 was published Apr 21, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various... Critical Unreviewed
CVE-2021-43938 was published Apr 30, 2022
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account... Critical Unreviewed
CVE-2018-11741 was published May 13, 2022
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows... Critical Unreviewed
CVE-2018-11653 was published May 13, 2022
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access... Critical Unreviewed
CVE-2017-5158 was published May 13, 2022
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct... Critical Unreviewed
CVE-2018-12634 was published May 13, 2022
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability... Critical Unreviewed
CVE-2017-11435 was published May 13, 2022
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-... Critical Unreviewed
CVE-2017-9788 was published May 13, 2022
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI).... Critical Unreviewed
CVE-2019-0040 was published May 13, 2022
In Vignette Content Management version 6, it is possible to gain remote access to administrator... Critical Unreviewed
CVE-2018-18941 was published May 13, 2022
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it... Critical Unreviewed
CVE-2018-20371 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database