Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

233 advisories

Loading
Noise vulnerable to denial of service High
CVE-2021-4239 was published for github.com/flynn/noise (Go) Dec 28, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess... High Unreviewed
CVE-2020-15340 was published Sep 30, 2022
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute High
CVE-2022-3174 was published for rdiffweb (pip) Sep 14, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow... High Unreviewed
CVE-2022-30237 was published Jun 3, 2022
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the... High Unreviewed
CVE-2021-41302 was published May 24, 2022
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones... High Unreviewed
CVE-2021-22932 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The... High Unreviewed
CVE-2021-40366 was published May 24, 2022
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0... High Unreviewed
CVE-2021-26100 was published May 24, 2022
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a... High Unreviewed
CVE-2021-34825 was published May 24, 2022
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and... High Unreviewed
CVE-2020-24396 was published May 24, 2022
IBM API Connect V10 is impacted by insecure communications during database replication. As the... High Unreviewed
CVE-2020-4695 was published May 24, 2022
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices... High Unreviewed
CVE-2020-23162 was published May 24, 2022
Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an... High Unreviewed
CVE-2020-26732 was published May 24, 2022
The encryption function of NHIServiSignAdapter fail to verify the file path input by users.... High Unreviewed
CVE-2020-25842 was published May 24, 2022
** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled.... High Unreviewed
CVE-2020-35587 was published May 24, 2022
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and... High Unreviewed
CVE-2020-14254 was published May 24, 2022
In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and... High Unreviewed
CVE-2020-27055 was published May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2... High Unreviewed
CVE-2020-28217 was published May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2... High Unreviewed
CVE-2020-28216 was published May 24, 2022
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting... High Unreviewed
CVE-2020-9774 was published May 24, 2022
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session... High Unreviewed
CVE-2020-27651 was published May 24, 2022
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1.... High Unreviewed
CVE-2020-15771 was published May 24, 2022
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way... High Unreviewed
CVE-2020-10273 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database