GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
160 advisories
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system....
Critical | Unreviewed | CVE-2019-19885 was published May 24, 2022
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an...
Critical | Unreviewed | CVE-2020-4499 was published May 24, 2022
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting...
Critical | Unreviewed | CVE-2020-11856 was published May 24, 2022
A malicious extension could have called browser.identity.launchWebAuthFlow,...
Critical | Unreviewed | CVE-2020-6823 was published May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The...
Critical | Unreviewed | CVE-2019-1010150 was published May 24, 2022
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms...
Critical | Unreviewed | CVE-2019-1010149 was published May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The...
Critical | Unreviewed | CVE-2019-1010152 was published May 24, 2022
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts...
Critical | Unreviewed | CVE-2022-22282 was published May 14, 2022
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file...
Critical | Unreviewed | CVE-2018-8755 was published May 13, 2022
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e...
Critical | Unreviewed | CVE-2018-7702 was published May 13, 2022
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in...
Critical | Unreviewed | CVE-2018-6000 was published May 13, 2022
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the...
Critical | Unreviewed | CVE-2018-5377 was published May 13, 2022
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web...
Critical | Unreviewed | CVE-2018-11541 was published May 13, 2022
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without...
Critical | Unreviewed | CVE-2017-9232 was published May 13, 2022
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center...
Critical | Unreviewed | CVE-2017-6639 was published May 13, 2022
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an...
Critical | Unreviewed | CVE-2017-6622 was published May 13, 2022
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P...
Critical | Unreviewed | CVE-2017-12582 was published May 13, 2022
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper...
Critical | Unreviewed | CVE-2018-18996 was published May 13, 2022
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the...
Critical | Unreviewed | CVE-2018-16591 was published May 13, 2022
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config...
Critical | Unreviewed | CVE-2019-9002 was published May 13, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical | Unreviewed | CVE-2018-4059 was published May 13, 2022
A missing authorization vulnerability has been reported to affect QNAP device running Video...
Critical | Unreviewed | CVE-2021-44055 was published May 6, 2022
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass
Critical | Unreviewed | CVE-2013-3960 was published May 5, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various...
Critical | Unreviewed | CVE-2021-43938 was published Apr 30, 2022
Hospital Management System v1.0 was discovered to lack an authorization component, allowing...
Critical | Unreviewed | CVE-2022-26546 was published Apr 1, 2022
ProTip! Advisories are also available from the GraphQL API.