GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
194 advisories
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext...
Critical | Unreviewed | CVE-2018-20839 was published May 24, 2022

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module...
Critical | Unreviewed | CVE-2019-5016 was published May 24, 2022

Openstack Magnum Unsafe Credential Handling
Critical | CVE-2016-7404 was published for openstack-magnum (pip) May 24, 2022

HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4....
Critical | Unreviewed | CVE-2019-11991 was published May 24, 2022

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon...
Critical | Unreviewed | CVE-2019-2254 was published May 24, 2022

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer...
Critical | Unreviewed | CVE-2019-6177 was published May 24, 2022

Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a...
Critical | Unreviewed | CVE-2019-15859 was published May 24, 2022

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect...
Critical | Unreviewed | CVE-2019-18823 was published May 24, 2022

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015...
Critical | Unreviewed | CVE-2020-27183 was published May 24, 2022

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take...
Critical | Unreviewed | CVE-2020-26167 was published May 24, 2022

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile...
Critical | Unreviewed | CVE-2020-27134 was published May 24, 2022

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during...
Critical | Unreviewed | CVE-2020-25179 was published May 24, 2022

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an...
Critical | Unreviewed | CVE-2020-28199 was published May 24, 2022

admin/user_import.php in Chamilo 1.11.14 reads XML data without disabling the ability to load...
Critical | Unreviewed | CVE-2021-32925 was published May 24, 2022

D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive...
Critical | Unreviewed | CVE-2015-0152 was published May 24, 2022

Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical | CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022

The sensitive information of webcam device is not properly protected. Remote attackers can...
Critical | Unreviewed | CVE-2021-30168 was published May 24, 2022

Weave GitOps leaked cluster credentials into logs on connection errors
Critical | CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not...
Critical | Unreviewed | CVE-2021-3688 was published Aug 27, 2022

Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical | CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (...
Critical | Unreviewed | CVE-2022-32221 was published Dec 6, 2022

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to...
Critical | Unreviewed | CVE-2023-0321 was published Jan 26, 2023

angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical | CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM...
Critical | Unreviewed | CVE-2023-32113 was published May 9, 2023

Key management vulnerability on system. Successful exploitation of this vulnerability may affect...
Critical | Unreviewed | CVE-2023-3455 was published Jul 5, 2023

ProTip! Advisories are also available from the GraphQL API