Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

193 advisories

Loading
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect... Critical Unreviewed
CVE-2019-18823 was published May 24, 2022
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006... Critical Unreviewed
CVE-2016-1112 was published May 17, 2022
eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests... Critical Unreviewed
CVE-2015-7926 was published May 17, 2022
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain... Critical Unreviewed
CVE-2016-2298 was published May 17, 2022
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded... Critical Unreviewed
CVE-2016-4521 was published May 17, 2022
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer... Critical Unreviewed
CVE-2019-6177 was published May 24, 2022
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon... Critical Unreviewed
CVE-2019-2254 was published May 24, 2022
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password... Critical Unreviewed
CVE-2019-11403 was published May 24, 2022
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015... Critical Unreviewed
CVE-2020-27183 was published May 24, 2022
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take... Critical Unreviewed
CVE-2020-26167 was published May 24, 2022
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during... Critical Unreviewed
CVE-2020-25179 was published May 24, 2022
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile... Critical Unreviewed
CVE-2020-27134 was published May 24, 2022
admin/user_import.php in Chamilo 1.11.14 reads XML data without disabling the ability to load... Critical Unreviewed
CVE-2021-32925 was published May 24, 2022
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an... Critical Unreviewed
CVE-2020-28199 was published May 24, 2022
Exposure of Sensitive Information in Jenkins Core Critical
CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
The sensitive information of webcam device is not properly protected. Remote attackers can... Critical Unreviewed
CVE-2021-30168 was published May 24, 2022
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive... Critical Unreviewed
CVE-2015-0152 was published May 24, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various... Critical Unreviewed
CVE-2021-43938 was published Apr 30, 2022
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account... Critical Unreviewed
CVE-2018-11741 was published May 13, 2022
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows... Critical Unreviewed
CVE-2018-11653 was published May 13, 2022
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access... Critical Unreviewed
CVE-2017-5158 was published May 13, 2022
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability... Critical Unreviewed
CVE-2017-11435 was published May 13, 2022
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct... Critical Unreviewed
CVE-2018-12634 was published May 13, 2022
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-... Critical Unreviewed
CVE-2017-9788 was published May 13, 2022
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI).... Critical Unreviewed
CVE-2019-0040 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API