Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

97 advisories

Loading
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4... High Unreviewed
CVE-2021-35532 was published Jun 8, 2022
RuoYi vulnerable to arbitrary file download High
CVE-2023-27025 was published for com.ruoyi:ruoyi (Maven) Apr 2, 2023
An exploitable firmware modification vulnerability was discovered in WNR612v2 Wireless Routers... High Unreviewed
CVE-2023-23110 was published Feb 2, 2023
A download of code without integrity check vulnerability in the "execute restore src-vis" command... High Unreviewed
CVE-2021-44168 was published Jan 5, 2022
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote... Critical Unreviewed
CVE-2020-7883 was published Dec 29, 2021
Sinatra vulnerable to Reflected File Download attack High
CVE-2022-45442 was published for sinatra (RubyGems) Nov 30, 2022
motoyasu-saburi
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS High
CVE-2019-10248 was published for org.eclipse.vorto:org.eclipse.vorto.core (Maven) May 24, 2022
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC... High Unreviewed
CVE-2018-13012 was published May 13, 2022
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred... Low Unreviewed
CVE-2017-2739 was published May 13, 2022
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in... High Unreviewed
CVE-2017-2707 was published May 13, 2022
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12306 was published May 13, 2022
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of... High Unreviewed
CVE-2017-13083 was published May 13, 2022
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows... High Unreviewed
CVE-2018-19234 was published May 13, 2022
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to... High Unreviewed
CVE-2018-4009 was published May 13, 2022
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the... High Unreviewed
CVE-2022-36671 was published Sep 2, 2022
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on... High Unreviewed
CVE-2020-28213 was published May 24, 2022
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services... Moderate Unreviewed
CVE-2022-38199 was published Oct 25, 2022
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote... High Unreviewed
CVE-2020-7875 was published May 24, 2022
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of... High Unreviewed
CVE-2020-7874 was published May 24, 2022
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd... Critical Unreviewed
CVE-2020-7873 was published May 24, 2022
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS... Moderate Unreviewed
CVE-2021-30658 was published May 24, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur... Moderate Unreviewed
CVE-2021-30669 was published May 24, 2022
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC... High Unreviewed
CVE-2021-38588 was published May 24, 2022
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A... High Unreviewed
CVE-2021-33879 was published May 24, 2022
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid... Moderate Unreviewed
CVE-2020-25266 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database