Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

47 advisories

Loading
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation... Critical Unreviewed
CVE-2021-43674 was published Dec 4, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... Critical Unreviewed
CVE-2021-44523 was published Dec 15, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... Critical Unreviewed
CVE-2021-44524 was published Dec 15, 2021
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g.... Critical Unreviewed
CVE-2021-44676 was published Dec 21, 2021
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of... Critical Unreviewed
CVE-2021-44525 was published Dec 21, 2021
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... Critical Unreviewed
CVE-2022-21817 was published Feb 8, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct... Critical Unreviewed
CVE-2021-42640 was published Feb 9, 2022
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator... Critical Unreviewed
CVE-2022-25236 was published Feb 17, 2022
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when... Critical Unreviewed
CVE-2022-25643 was published Feb 25, 2022
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the... Critical Unreviewed
CVE-2022-25010 was published Mar 3, 2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any... Critical Unreviewed
CVE-2022-24074 was published Mar 18, 2022
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not... Critical Unreviewed
CVE-2022-27919 was published Mar 26, 2022
Mondo 2.24 has insecure handling of temporary files. Critical Unreviewed
CVE-2007-3915 was published Apr 21, 2022
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log... Critical Unreviewed
CVE-2022-27332 was published Apr 28, 2022
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead... Critical Unreviewed
CVE-2021-42001 was published May 3, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-16610 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-16597 was published May 13, 2022
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server... Critical Unreviewed
CVE-2017-12249 was published May 13, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and... Critical Unreviewed
CVE-2017-18129 was published May 13, 2022
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices... Critical Unreviewed
CVE-2018-18068 was published May 13, 2022
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot... Critical Unreviewed
CVE-2018-7072 was published May 13, 2022
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS... Critical Unreviewed
CVE-2022-1467 was published May 24, 2022
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all... Critical Unreviewed
CVE-2018-7846 was published May 24, 2022
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated... Critical Unreviewed
CVE-2019-1848 was published May 24, 2022
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which... Critical Unreviewed
CVE-2019-12929 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API