Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
ExternalName Services can be used to gain access to Envoy's admin interface High
CVE-2021-32783 was published for github.com/projectcontour/contour (Go) Aug 30, 2021
josh-ferrell
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to... High Unreviewed
CVE-2021-1003 was published Dec 16, 2021
Password vault has a External Control of System or Configuration Setting vulnerability.Successful... High Unreviewed
CVE-2021-39971 was published Jan 4, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path High Unreviewed
CVE-2021-3845 was published Jan 5, 2022
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due... High Unreviewed
CVE-2021-39626 was published Jan 15, 2022
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to... High Unreviewed
CVE-2021-1035 was published Jan 15, 2022
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused... High Unreviewed
CVE-2021-39668 was published Feb 12, 2022
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a... High Unreviewed
CVE-2021-39663 was published Feb 12, 2022
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call... High Unreviewed
CVE-2021-39707 was published Mar 17, 2022
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to... High Unreviewed
CVE-2021-39703 was published Mar 17, 2022
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could... High Unreviewed
CVE-2021-39787 was published Mar 31, 2022
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified... High Unreviewed
CVE-2022-20789 was published Apr 22, 2022
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below,... High Unreviewed
CVE-2021-43066 was published May 12, 2022
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the... High Unreviewed
CVE-2018-9582 was published May 13, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7195 was published May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7194 was published May 24, 2022
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote... High Unreviewed
CVE-2019-3996 was published May 24, 2022
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs... High Unreviewed
CVE-2020-6105 was published May 24, 2022
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to... High Unreviewed
CVE-2020-25161 was published May 24, 2022
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to... High Unreviewed
CVE-2021-27183 was published May 24, 2022
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non... High Unreviewed
CVE-2021-30245 was published May 24, 2022
Externally controlled reference to a resource in another sphere in quarantine functionality in... High Unreviewed
CVE-2021-27648 was published May 24, 2022
In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due... High Unreviewed
CVE-2021-0608 was published May 24, 2022
In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE... High Unreviewed
CVE-2021-0550 was published May 24, 2022
In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a... High Unreviewed
CVE-2021-0536 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database