GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
233 advisories
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess...
High, Unreviewed. CVE-2020-15340 was published Sep 30, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The...
High, Unreviewed. CVE-2021-40366 was published May 24, 2022
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting...
High, Unreviewed. CVE-2020-9774 was published May 24, 2022
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1....
High, Unreviewed. CVE-2020-15771 was published May 24, 2022
In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and...
High, Unreviewed. CVE-2020-27055 was published May 24, 2022
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and...
High, Unreviewed. CVE-2020-14254 was published May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2...
High, Unreviewed. CVE-2020-28217 was published May 24, 2022
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices...
High, Unreviewed. CVE-2020-23162 was published May 24, 2022
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session...
High, Unreviewed. CVE-2020-27651 was published May 24, 2022
The encryption function of NHIServiSignAdapter fail to verify the file path input by users....
High, Unreviewed. CVE-2020-25842 was published May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2...
High, Unreviewed. CVE-2020-28216 was published May 24, 2022
IBM API Connect V10 is impacted by insecure communications during database replication. As the...
High, Unreviewed. CVE-2020-4695 was published May 24, 2022
Missing encryption in Apache Directory Studio
High. CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone...
High, Unreviewed. CVE-2022-29945 was published Apr 30, 2022
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones...
High, Unreviewed. CVE-2021-22932 was published May 24, 2022
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the...
High, Unreviewed. CVE-2021-41302 was published May 24, 2022
Missing Encryption of Sensitive Data in yarn
High. CVE-2019-5448 was published for yarn (npm) Jul 31, 2019
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted...
High, Unreviewed. CVE-2017-7729 was published May 13, 2022
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were...
High, Unreviewed. CVE-2017-12817 was published May 13, 2022
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by...
High, Unreviewed. CVE-2019-6518 was published May 13, 2022
Missing Encryption of Sensitive Data in Apache Guacamole
High. CVE-2018-1340 was published for org.apache.guacamole:guacamole-common (Maven) May 13, 2022
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone. Successful...
High, Unreviewed. CVE-2021-37050 was published Dec 9, 2021
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the...
High, Unreviewed. CVE-2021-37189 was published Dec 11, 2021
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or...
High, Unreviewed. CVE-2017-17763 was published May 13, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
High, Unreviewed. CVE-2018-1683 was published May 13, 2022