Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on... Critical Unreviewed
CVE-2018-11240 was published May 13, 2022
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs)... Critical Unreviewed
CVE-2017-7471 was published May 13, 2022
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog... Critical Unreviewed
CVE-2018-1115 was published May 13, 2022
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities... Critical Unreviewed
CVE-2017-12816 was published May 13, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO Critical
CVE-2022-28056 was published for shopxo/shopxo (Composer) May 3, 2022
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client... Critical Unreviewed
CVE-2012-2087 was published Apr 23, 2022
Struts ParameterInterceptor vulnerability allows remote command execution Critical
CVE-2011-3923 was published for org.apache.struts:struts2-core (Maven) Apr 22, 2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any... Critical Unreviewed
CVE-2022-24074 was published Mar 18, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical
CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022
An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable... Critical Unreviewed
CVE-2021-22566 was published Jan 19, 2022
File and directory permissions have been corrected to prevent unintended users from modifying or... Critical Unreviewed
CVE-2022-22988 was published Jan 14, 2022
HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42115 was published Dec 1, 2021
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Koji hub call does not perform correct access checks Critical
CVE-2018-1002150 was published for koji (pip) Jul 12, 2018
ProTip! Advisories are also available from the GraphQL API