Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

291 advisories

Loading
ManyDesigns Portofino subject to creation of insecure temporary file High
CVE-2022-3952 was published for com.manydesigns:portofino (Maven) Nov 11, 2022
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this... High Unreviewed
CVE-2022-44549 was published Nov 10, 2022
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and... High Unreviewed
CVE-2021-45446 was published Nov 2, 2022
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat... High Unreviewed
CVE-2013-4253 was published Oct 19, 2022
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to... High Unreviewed
CVE-2022-39870 was published Oct 7, 2022
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to... High Unreviewed
CVE-2022-39871 was published Oct 7, 2022
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1... High Unreviewed
CVE-2022-39864 was published Oct 7, 2022
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to... High Unreviewed
CVE-2022-39865 was published Oct 7, 2022
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to... High Unreviewed
CVE-2022-39867 was published Oct 7, 2022
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version... High Unreviewed
CVE-2022-39866 was published Oct 7, 2022
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89... High Unreviewed
CVE-2022-39868 was published Oct 7, 2022
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to... High Unreviewed
CVE-2022-39869 was published Oct 7, 2022
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using... High Unreviewed
CVE-2022-22480 was published Oct 7, 2022
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2021-38924 was published Sep 15, 2022
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability. High Unreviewed
CVE-2022-37958 was published Sep 14, 2022
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could... High Unreviewed
CVE-2022-20696 was published Sep 9, 2022
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a... High Unreviewed
CVE-2022-38258 was published Sep 9, 2022
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were... High Unreviewed
CVE-2022-1902 was published Sep 2, 2022
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The... High Unreviewed
CVE-2022-26330 was published Sep 1, 2022
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax... High Unreviewed
CVE-2022-36226 was published Aug 27, 2022
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation... High Unreviewed
CVE-2022-34775 was published Aug 23, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284... High Unreviewed
CVE-2022-2792 was published Aug 20, 2022
Ethermint vulnerable to DoS through unintended Contract Selfdestruct High
CVE-2022-35936 was published for github.com/Kava-Labs/kava (Go) Aug 18, 2022
yihuang tomtau
Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of... High Unreviewed
CVE-2021-45454 was published Aug 18, 2022
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below... High Unreviewed
CVE-2022-38184 was published Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database