GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
194 advisories
Filter by severity
Django-Anymail prone to a timing attack
Critical
CVE-2018-6596
was published
for
django-anymail
(pip)
Jul 12, 2018
Credential leak in org.apache.directory.api:apache-ldap-api
Critical
CVE-2018-1337
was published
for
org.apache.directory.api:apache-ldap-api
(Maven)
Nov 9, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Exposure of Sensitive Information in Hadoop
Critical
CVE-2017-15718
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Critical
CVE-2021-32711
was published
for
shopware/platform
(Composer)
Sep 8, 2021
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file...
Critical
Unreviewed
CVE-2021-45420
was published
Feb 15, 2022
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint...
Critical
Unreviewed
CVE-2021-3773
was published
Feb 17, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended...
Critical
Unreviewed
CVE-2010-2783
was published
Apr 21, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various...
Critical
Unreviewed
CVE-2021-43938
was published
Apr 30, 2022
Exposure of Sensitive Information in eventsource
Critical
CVE-2022-1650
was published
for
eventsource
(npm)
May 13, 2022
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account...
Critical
Unreviewed
CVE-2018-11741
was published
May 13, 2022
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows...
Critical
Unreviewed
CVE-2018-11653
was published
May 13, 2022
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access...
Critical
Unreviewed
CVE-2017-5158
was published
May 13, 2022
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct...
Critical
Unreviewed
CVE-2018-12634
was published
May 13, 2022
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability...
Critical
Unreviewed
CVE-2017-11435
was published
May 13, 2022
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-...
Critical
Unreviewed
CVE-2017-9788
was published
May 13, 2022
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI)....
Critical
Unreviewed
CVE-2019-0040
was published
May 13, 2022
In Vignette Content Management version 6, it is possible to gain remote access to administrator...
Critical
Unreviewed
CVE-2018-18941
was published
May 13, 2022
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it...
Critical
Unreviewed
CVE-2018-20371
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API