Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call... High Unreviewed
CVE-2021-39707 was published Mar 17, 2022
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to... High Unreviewed
CVE-2021-39703 was published Mar 17, 2022
Arbitrary File Deletion vulnerability in OctoberCMS Moderate
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t
Upload whitelisted files to any directory in OctoberCMS Low
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to... Moderate Unreviewed
CVE-2021-39765 was published Mar 31, 2022
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could... High Unreviewed
CVE-2021-39787 was published Mar 31, 2022
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified... High Unreviewed
CVE-2022-20789 was published Apr 22, 2022
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name... High Unreviewed
CVE-2022-24241 was published Jun 3, 2022
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This... Critical Unreviewed
CVE-2014-125044 was published Jan 5, 2023
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql Moderate
CVE-2021-3779 was published for ruby-mysql (RubyGems) Jun 29, 2022
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to... High Unreviewed
CVE-2022-20223 was published Jul 14, 2022
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote... Moderate Unreviewed
CVE-2022-30245 was published Jul 16, 2022
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50.... Moderate Unreviewed
CVE-2015-10003 was published Jul 18, 2022
WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple... High Unreviewed
CVE-2016-0796 was published Jul 29, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path High Unreviewed
CVE-2021-3845 was published Jan 5, 2022
In AOSP Email, there is a possible information disclosure due to a confused deputy. This could... Low Unreviewed
CVE-2019-9440 was published May 24, 2022
In the Package Manager service, there is a possible information disclosure due to a confused... Low Unreviewed
CVE-2019-9438 was published May 24, 2022
In the Activity Manager service, there is a possible information disclosure due to a confused... Low Unreviewed
CVE-2019-9292 was published May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7194 was published May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7195 was published May 24, 2022
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a... Moderate Unreviewed
CVE-2022-20199 was published Dec 20, 2022
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0338 was published May 24, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6... Moderate Unreviewed
CVE-2022-28710 was published Aug 23, 2022
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0337 was published May 24, 2022
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs... High Unreviewed
CVE-2020-6105 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API