Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

47 advisories

Loading
An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive... Critical Unreviewed
CVE-2023-37621 was published Feb 1, 2024
An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers... Critical Unreviewed
CVE-2023-45911 was published Oct 18, 2023
Key management vulnerability on system. Successful exploitation of this vulnerability may affect... Critical Unreviewed
CVE-2023-3455 was published Jul 5, 2023
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the... Critical Unreviewed
CVE-2020-22647 was published Mar 16, 2023
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400... Critical Unreviewed
CVE-2022-4390 was published Dec 9, 2022
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (... Critical Unreviewed
CVE-2022-32221 was published Dec 6, 2022
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary... Critical Unreviewed
CVE-2013-4561 was published Jul 1, 2022
Fast Food Ordering System v1.0 is vulnerable to Delete any file. via /ffos/classes/Master.php?f... Critical Unreviewed
CVE-2022-32328 was published Jun 15, 2022
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked... Critical Unreviewed
CVE-2022-32559 was published Jun 15, 2022
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A... Critical Unreviewed
CVE-2022-26869 was published Jun 3, 2022
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only... Critical Unreviewed
CVE-2021-20999 was published May 24, 2022
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender... Critical Unreviewed
CVE-2021-3554 was published May 24, 2022
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to... Critical Unreviewed
CVE-2021-22869 was published May 24, 2022
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier... Critical Unreviewed
CVE-2021-20790 was published May 24, 2022
IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive... Critical Unreviewed
CVE-2021-29715 was published May 24, 2022
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product... Critical Unreviewed
CVE-2021-35211 was published May 24, 2022
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a... Critical Unreviewed
CVE-2021-35958 was published May 24, 2022
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. Critical Unreviewed
CVE-2021-30190 was published May 24, 2022
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows... Critical Unreviewed
CVE-2021-27236 was published May 24, 2022
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows... Critical Unreviewed
CVE-2020-16263 was published May 24, 2022
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically... Critical Unreviewed
CVE-2019-19015 was published May 24, 2022
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which... Critical Unreviewed
CVE-2019-12929 was published May 24, 2022
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection,... Critical Unreviewed
CVE-2019-12928 was published May 24, 2022
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated... Critical Unreviewed
CVE-2019-1848 was published May 24, 2022
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all... Critical Unreviewed
CVE-2018-7846 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database