GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
99 advisories
Filter by severity
Incorrect Resource Transfer Between Spheres in Grails
High
CVE-2019-12728
was published
for
org.grails:grails-core
(Maven)
May 24, 2022
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and...
Critical
Unreviewed
CVE-2018-5409
was published
May 24, 2022
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an...
Critical
Unreviewed
CVE-2019-3801
was published
May 24, 2022
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
High
CVE-2019-10248
was published
for
org.eclipse.vorto:org.eclipse.vorto.core
(Maven)
May 24, 2022
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading...
Moderate
Unreviewed
CVE-2021-41714
was published
May 24, 2022
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check...
High
Unreviewed
CVE-2022-28944
was published
May 24, 2022
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room...
High
Unreviewed
CVE-2022-22786
was published
May 19, 2022
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC...
High
Unreviewed
CVE-2018-13012
was published
May 13, 2022
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred...
Low
Unreviewed
CVE-2017-2739
was published
May 13, 2022
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in...
High
Unreviewed
CVE-2017-2707
was published
May 13, 2022
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local...
Moderate
Unreviewed
CVE-2017-12306
was published
May 13, 2022
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of...
High
Unreviewed
CVE-2017-13083
was published
May 13, 2022
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows...
High
Unreviewed
CVE-2018-19234
was published
May 13, 2022
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to...
High
Unreviewed
CVE-2018-4009
was published
May 13, 2022
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the...
High
Unreviewed
CVE-2008-3438
was published
May 2, 2022
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of...
High
Unreviewed
CVE-2008-3324
was published
May 1, 2022
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications...
High
Unreviewed
CVE-2002-0671
was published
Apr 30, 2022
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download...
High
Unreviewed
CVE-2001-1125
was published
Apr 30, 2022
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability...
High
Unreviewed
CVE-2022-24644
was published
Mar 11, 2022
A download of code without integrity check vulnerability in the "execute restore src-vis" command...
High
Unreviewed
CVE-2021-44168
was published
Jan 5, 2022
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote...
Critical
Unreviewed
CVE-2020-7883
was published
Dec 29, 2021
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
High
CVE-2020-5398
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
High severity vulnerability that affects generator-jhipster
High
GHSA-mc84-xr9p-938r
was published
for
generator-jhipster
(npm)
Sep 23, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
ProTip!
Advisories are also available from the
GraphQL API