Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

157 advisories

Loading
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host... High Unreviewed
CVE-2016-4553 was published May 13, 2022
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin... High Unreviewed
CVE-2016-4554 was published May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State... High Unreviewed
CVE-2017-3224 was published May 13, 2022
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior... High Unreviewed
CVE-2017-3218 was published May 13, 2022
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in... High Unreviewed
CVE-2017-10624 was published May 13, 2022
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity.... High Unreviewed
CVE-2022-30262 was published Aug 18, 2022
Acronis True Image up to and including version 2017 Build 8053 performs software updates using... High Unreviewed
CVE-2017-3219 was published May 13, 2022
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local... High Unreviewed
CVE-2017-0563 was published May 13, 2022
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to... High Unreviewed
CVE-2017-11178 was published May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for... High Unreviewed
CVE-2017-11130 was published May 13, 2022
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e... High Unreviewed
CVE-2017-17023 was published May 13, 2022
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by... High Unreviewed
CVE-2017-9606 was published May 13, 2022
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS)... High Unreviewed
CVE-2018-12333 was published May 13, 2022
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive... High Unreviewed
CVE-2018-6562 was published May 13, 2022
Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An... High Unreviewed
CVE-2018-7932 was published May 13, 2022
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient,... High Unreviewed
CVE-2022-26122 was published Nov 2, 2022
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it... High Unreviewed
CVE-2016-1493 was published May 14, 2022
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer... High Unreviewed
CVE-2015-4674 was published May 14, 2022
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to... High Unreviewed
CVE-2022-31877 was published Nov 28, 2022
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings... High Unreviewed
CVE-2018-10080 was published May 14, 2022
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is... High Unreviewed
CVE-2020-16122 was published May 24, 2022
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific... High Unreviewed
CVE-2017-14091 was published May 14, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3).... High Unreviewed
CVE-2022-36360 was published Oct 11, 2022
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and... High Unreviewed
CVE-2014-2718 was published May 17, 2022
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal,... High Unreviewed
CVE-2020-12406 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database