GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
59 advisories
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user...
High | Unreviewed | CVE-2021-24998 was published Dec 28, 2021

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High | Unreviewed | CVE-2021-26726 was published Feb 17, 2022

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web...
High | Unreviewed | CVE-2021-46010 was published Apr 1, 2022

randomUUID in Scala.js before 1.10.0 generates predictable values.
High | Unreviewed | CVE-2022-28355 was published Apr 3, 2022

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS...
High | Unreviewed | CVE-2022-22517 was published Apr 8, 2022

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses...
High | Unreviewed | CVE-2008-0087 was published May 1, 2022

actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of...
High | Unreviewed | CVE-2008-0141 was published May 1, 2022

The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business...
High | Unreviewed | CVE-2008-2433 was published May 1, 2022

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,...
High | Unreviewed | CVE-2008-3612 was published May 2, 2022

account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently...
High | Unreviewed | CVE-2009-2158 was published May 2, 2022

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
High | Unreviewed | CVE-2022-26071 was published May 6, 2022

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to...
High | Unreviewed | CVE-2013-6925 was published May 13, 2022

The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the...
High | Unreviewed | CVE-2019-8919 was published May 13, 2022

Due to unencrypted signal communication and predictability of rolling codes, an attacker can ...
High | Unreviewed | CVE-2019-9860 was published May 13, 2022

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the...
High | Unreviewed | CVE-2017-13082 was published May 13, 2022

Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380...
High | Unreviewed | CVE-2017-15654 was published May 13, 2022

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be...
High | Unreviewed | CVE-2017-17091 was published May 13, 2022

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569...
High | Unreviewed | CVE-2017-17704 was published May 13, 2022

POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be...
High | Unreviewed | CVE-2018-15807 was published May 13, 2022

Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
High | Unreviewed | CVE-2018-20025 was published May 14, 2022

In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure...
High | Unreviewed | CVE-2019-1997 was published May 14, 2022

The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum...
High | Unreviewed | CVE-2018-17987 was published May 14, 2022

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide...
High | Unreviewed | CVE-2022-30782 was published May 17, 2022

PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote...
High | Unreviewed | CVE-2017-10874 was published May 17, 2022

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen...
High | Unreviewed | CVE-2017-7901 was published May 17, 2022