Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

47 advisories

Loading
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to... Moderate Unreviewed
CVE-2021-39765 was published Mar 31, 2022
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote... Moderate Unreviewed
CVE-2022-30245 was published Jul 16, 2022
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50.... Moderate Unreviewed
CVE-2015-10003 was published Jul 18, 2022
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a... Moderate Unreviewed
CVE-2022-20199 was published Dec 20, 2022
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0338 was published May 24, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6... Moderate Unreviewed
CVE-2022-28710 was published Aug 23, 2022
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0337 was published May 24, 2022
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers... Moderate Unreviewed
CVE-2021-26711 was published May 24, 2022
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built... Moderate Unreviewed
CVE-2021-29965 was published May 24, 2022
In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a... Moderate Unreviewed
CVE-2021-0599 was published May 24, 2022
An arbitrary file deletion vulnerability exists within Maccms10. Moderate Unreviewed
CVE-2020-21363 was published May 24, 2022
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to... Moderate Unreviewed
CVE-2020-23171 was published May 24, 2022
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be... Moderate Unreviewed
CVE-2022-2638 was published Aug 29, 2022
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of... Moderate Unreviewed
CVE-2022-32761 was published Aug 23, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,... Moderate Unreviewed
CVE-2017-0211 was published May 13, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be... Moderate Unreviewed
CVE-2017-15269 was published May 13, 2022
Manually dragging and dropping an Outlook email message into the browser will trigger a page... Moderate Unreviewed
CVE-2018-12381 was published May 13, 2022
ILIAS before 7.16 allows External Control of File Name or Path. Moderate Unreviewed
CVE-2022-45918 was published Dec 7, 2022
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to... Moderate Unreviewed
CVE-2019-18202 was published May 24, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2022-2943 was published Sep 7, 2022
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and... Moderate Unreviewed
CVE-2021-36190 was published Dec 9, 2021
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful... Moderate Unreviewed
CVE-2021-37112 was published Jan 4, 2022
Local privilege escalation during recovery due to improper soft link handling. The following... Moderate Unreviewed
CVE-2022-46868 was published Aug 31, 2023
Local privilege escalation due to improper soft link handling. The following products are... Moderate Unreviewed
CVE-2023-44209 was published Oct 4, 2023
ProTip! Advisories are also available from the GraphQL API