GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
97 advisories
Filter by severity
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4...
High
Unreviewed
CVE-2021-35532
was published
Jun 8, 2022
RuoYi vulnerable to arbitrary file download
High
CVE-2023-27025
was published
for
com.ruoyi:ruoyi
(Maven)
Apr 2, 2023
An exploitable firmware modification vulnerability was discovered in WNR612v2 Wireless Routers...
High
Unreviewed
CVE-2023-23110
was published
Feb 2, 2023
A download of code without integrity check vulnerability in the "execute restore src-vis" command...
High
Unreviewed
CVE-2021-44168
was published
Jan 5, 2022
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote...
Critical
Unreviewed
CVE-2020-7883
was published
Dec 29, 2021
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
High
CVE-2019-10248
was published
for
org.eclipse.vorto:org.eclipse.vorto.core
(Maven)
May 24, 2022
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC...
High
Unreviewed
CVE-2018-13012
was published
May 13, 2022
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred...
Low
Unreviewed
CVE-2017-2739
was published
May 13, 2022
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in...
High
Unreviewed
CVE-2017-2707
was published
May 13, 2022
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local...
Moderate
Unreviewed
CVE-2017-12306
was published
May 13, 2022
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of...
High
Unreviewed
CVE-2017-13083
was published
May 13, 2022
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows...
High
Unreviewed
CVE-2018-19234
was published
May 13, 2022
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to...
High
Unreviewed
CVE-2018-4009
was published
May 13, 2022
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the...
High
Unreviewed
CVE-2022-36671
was published
Sep 2, 2022
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on...
High
Unreviewed
CVE-2020-28213
was published
May 24, 2022
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services...
Moderate
Unreviewed
CVE-2022-38199
was published
Oct 25, 2022
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote...
High
Unreviewed
CVE-2020-7875
was published
May 24, 2022
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of...
High
Unreviewed
CVE-2020-7874
was published
May 24, 2022
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd...
Critical
Unreviewed
CVE-2020-7873
was published
May 24, 2022
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2021-30658
was published
May 24, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur...
Moderate
Unreviewed
CVE-2021-30669
was published
May 24, 2022
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC...
High
Unreviewed
CVE-2021-38588
was published
May 24, 2022
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A...
High
Unreviewed
CVE-2021-33879
was published
May 24, 2022
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid...
Moderate
Unreviewed
CVE-2020-25266
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API