GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,643
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
282 advisories
Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against...
Moderate | Unreviewed | CVE-2020-27211 was published May 24, 2022
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a...
Moderate | Unreviewed | CVE-2021-29687 was published May 24, 2022
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR...
Moderate | Unreviewed | CVE-2021-27342 was published May 24, 2022
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker...
Moderate | Unreviewed | CVE-2021-1486 was published May 24, 2022
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal...
Moderate | Unreviewed | CVE-2021-31866 was published May 24, 2022
When binding against a DN during authentication, the reply from 389-ds-base will be different...
Moderate | Unreviewed | CVE-2020-35518 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs...
Moderate | Unreviewed | CVE-2020-27170 was published May 24, 2022
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a...
Moderate | Unreviewed | CVE-2021-21181 was published May 24, 2022
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72...
Moderate | Unreviewed | CVE-2021-21173 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a...
Moderate | Unreviewed | CVE-2021-27583 was published May 24, 2022
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login...
Moderate | Unreviewed | CVE-2020-9389 was published May 24, 2022
A flaw was found in all released versions of m2crypto, where they are vulnerable to...
Moderate | Unreviewed | CVE-2020-25657 was published May 24, 2022
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat...
Moderate | Unreviewed | CVE-2020-28208 was published May 24, 2022
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security...
Moderate | Unreviewed | CVE-2021-3011 was published May 24, 2022
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin...
Moderate | Unreviewed | CVE-2020-35624 was published May 24, 2022
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and...
Moderate | Unreviewed | CVE-2020-35480 was published May 24, 2022
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure....
Moderate | Unreviewed | CVE-2020-0464 was published May 24, 2022
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES...
Moderate | Unreviewed | CVE-2020-28368 was published May 24, 2022
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to...
Moderate | Unreviewed | CVE-2020-12912 was published May 24, 2022
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco...
Moderate | Unreviewed | CVE-2020-3585 was published May 24, 2022
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series...
Moderate | Unreviewed | CVE-2020-1685 was published May 24, 2022
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management...
Moderate | Unreviewed | CVE-2020-5143 was published May 24, 2022
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time...
Moderate | Unreviewed | CVE-2020-12401 was published May 24, 2022
When converting coordinates from projective to affine, the modular inversion was not performed in...
Moderate | Unreviewed | CVE-2020-12400 was published May 24, 2022
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth...
Moderate | Unreviewed | CVE-2020-25200 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.