Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified... High Unreviewed
CVE-2022-20789 was published Apr 22, 2022
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below,... High Unreviewed
CVE-2021-43066 was published May 12, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,... Moderate Unreviewed
CVE-2017-0211 was published May 13, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be... Moderate Unreviewed
CVE-2017-15269 was published May 13, 2022
Manually dragging and dropping an Outlook email message into the browser will trigger a page... Moderate Unreviewed
CVE-2018-12381 was published May 13, 2022
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the... High Unreviewed
CVE-2018-9582 was published May 13, 2022
Shopware XXE Vulnerability Moderate
CVE-2017-18357 was published for shopware/shopware (Composer) May 14, 2022
In the Activity Manager service, there is a possible information disclosure due to a confused... Low Unreviewed
CVE-2019-9292 was published May 24, 2022
In AOSP Email, there is a possible information disclosure due to a confused deputy. This could... Low Unreviewed
CVE-2019-9440 was published May 24, 2022
In the Package Manager service, there is a possible information disclosure due to a confused... Low Unreviewed
CVE-2019-9438 was published May 24, 2022
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to... Moderate Unreviewed
CVE-2019-18202 was published May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7195 was published May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7194 was published May 24, 2022
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote... High Unreviewed
CVE-2019-3996 was published May 24, 2022
An access issue was addressed with additional sandbox restrictions. This issue is fixed in... Critical Unreviewed
CVE-2019-7290 was published May 24, 2022
ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
phpBB Server-Side Request Forgery Vulnerability Moderate
CVE-2020-8226 was published for phpbb/phpbb (Composer) May 24, 2022
Rudloff
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0338 was published May 24, 2022
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0337 was published May 24, 2022
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs... High Unreviewed
CVE-2020-6105 was published May 24, 2022
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers... Moderate Unreviewed
CVE-2021-26711 was published May 24, 2022
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to... High Unreviewed
CVE-2020-25161 was published May 24, 2022
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non... High Unreviewed
CVE-2021-30245 was published May 24, 2022
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to... High Unreviewed
CVE-2021-27183 was published May 24, 2022
Externally controlled reference to a resource in another sphere in quarantine functionality in... High Unreviewed
CVE-2021-27648 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database