Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

47 advisories

Loading
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (... Critical Unreviewed
CVE-2022-32221 was published Dec 6, 2022
An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers... Critical Unreviewed
CVE-2023-45911 was published Oct 18, 2023
Key management vulnerability on system. Successful exploitation of this vulnerability may affect... Critical Unreviewed
CVE-2023-3455 was published Jul 5, 2023
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically... Critical Unreviewed
CVE-2019-19015 was published May 24, 2022
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated... Critical Unreviewed
CVE-2019-1848 was published May 24, 2022
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection,... Critical Unreviewed
CVE-2019-12928 was published May 24, 2022
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a... Critical Unreviewed
CVE-2021-35958 was published May 24, 2022
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which... Critical Unreviewed
CVE-2019-12929 was published May 24, 2022
Mondo 2.24 has insecure handling of temporary files. Critical Unreviewed
CVE-2007-3915 was published Apr 21, 2022
An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive... Critical Unreviewed
CVE-2023-37621 was published Feb 1, 2024
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when... Critical Unreviewed
CVE-2022-25643 was published Feb 25, 2022
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g.... Critical Unreviewed
CVE-2021-44676 was published Dec 21, 2021
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of... Critical Unreviewed
CVE-2021-44525 was published Dec 21, 2021
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... Critical Unreviewed
CVE-2022-21817 was published Feb 8, 2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any... Critical Unreviewed
CVE-2022-24074 was published Mar 18, 2022
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the... Critical Unreviewed
CVE-2020-22647 was published Mar 16, 2023
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the... Critical Unreviewed
CVE-2022-25010 was published Mar 3, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct... Critical Unreviewed
CVE-2021-42640 was published Feb 9, 2022
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot... Critical Unreviewed
CVE-2018-7072 was published May 13, 2022
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices... Critical Unreviewed
CVE-2018-18068 was published May 13, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and... Critical Unreviewed
CVE-2017-18129 was published May 13, 2022
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server... Critical Unreviewed
CVE-2017-12249 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-16610 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-16597 was published May 13, 2022
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... Critical Unreviewed
CVE-2021-44524 was published Dec 15, 2021
ProTip! Advisories are also available from the GraphQL API