GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,259
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
282 advisories
Filter by severity
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is...
Moderate
Unreviewed
CVE-2022-20538
was published
Dec 19, 2022
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access...
Moderate
Unreviewed
CVE-2022-46392
was published
Dec 16, 2022
A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability...
Moderate
Unreviewed
CVE-2022-4087
was published
Nov 21, 2022
An information-disclosure vulnerability exists on select NXP devices when configured in Serial...
Moderate
Unreviewed
CVE-2022-45163
was published
Nov 19, 2022
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow...
Moderate
Unreviewed
CVE-2022-20940
was published
Nov 16, 2022
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in...
Moderate
Unreviewed
CVE-2020-35473
was published
Nov 8, 2022
Observable discrepancies in the login process allow an attacker to guess legitimate user names...
Moderate
Unreviewed
CVE-2021-45925
was published
Oct 24, 2022
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based...
Moderate
Unreviewed
CVE-2022-2891
was published
Oct 11, 2022
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which...
Moderate
Unreviewed
CVE-2022-35888
was published
Sep 30, 2022
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the...
Moderate
Unreviewed
CVE-2022-32218
was published
Sep 25, 2022
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to...
Moderate
Unreviewed
CVE-2022-1989
was published
Aug 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users...
Moderate
Unreviewed
CVE-2022-34623
was published
Aug 20, 2022
In Framework, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20324
was published
Aug 13, 2022
In Content, there is a possible way to determinate the user's account due to side channel...
Moderate
Unreviewed
CVE-2022-20304
was published
Aug 13, 2022
In LauncherApps, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20293
was published
Aug 13, 2022
In AppOpsService, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20291
was published
Aug 13, 2022
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79...
Moderate
Unreviewed
CVE-2022-2612
was published
Aug 13, 2022
In Telephony, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20242
was published
Aug 12, 2022
In USB Manager, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-0975
was published
Aug 12, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique...
Moderate
Unreviewed
CVE-2022-34704
was published
Aug 10, 2022
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by...
Moderate
Unreviewed
CVE-2022-32425
was published
Jul 15, 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified...
Moderate
Unreviewed
CVE-2022-20752
was published
Jul 7, 2022
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid...
Moderate
Unreviewed
CVE-2021-41634
was published
Jun 25, 2022
A potential vulnerability in some AMD processors using frequency scaling may allow an...
Moderate
Unreviewed
CVE-2022-23823
was published
Jun 16, 2022
Observable behavioral in power management throttling for some Intel(R) Processors may allow an...
Moderate
Unreviewed
CVE-2022-24436
was published
Jun 16, 2022
ProTip!
Advisories are also available from the
GraphQL API