GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
320 advisories
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an...
Critical · Unreviewed · CVE-2020-4499 was published May 24, 2022

Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting...
Critical · Unreviewed · CVE-2020-11856 was published May 24, 2022

A malicious extension could have called browser.identity.launchWebAuthFlow,...
Critical · Unreviewed · CVE-2020-6823 was published May 24, 2022

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The...
Critical · Unreviewed · CVE-2019-1010152 was published May 24, 2022

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The...
Critical · Unreviewed · CVE-2019-1010150 was published May 24, 2022

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms...
Critical · Unreviewed · CVE-2019-1010149 was published May 24, 2022

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts...
Critical · Unreviewed · CVE-2022-22282 was published May 14, 2022

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file...
Critical · Unreviewed · CVE-2018-8755 was published May 13, 2022

SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e...
Critical · Unreviewed · CVE-2018-7702 was published May 13, 2022

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in...
Critical · Unreviewed · CVE-2018-6000 was published May 13, 2022

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the...
Critical · Unreviewed · CVE-2018-5377 was published May 13, 2022

A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web...
Critical · Unreviewed · CVE-2018-11541 was published May 13, 2022

Juju uses a UNIX domain socket without setting appropriate permissions
Critical · CVE-2017-9232 was published for github.com/juju/juju (Go) May 13, 2022

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center...
Critical · Unreviewed · CVE-2017-6639 was published May 13, 2022

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an...
Critical · Unreviewed · CVE-2017-6622 was published May 13, 2022

Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P...
Critical · Unreviewed · CVE-2017-12582 was published May 13, 2022

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper...
Critical · Unreviewed · CVE-2018-18996 was published May 13, 2022

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the...
Critical · Unreviewed · CVE-2018-16591 was published May 13, 2022

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config...
Critical · Unreviewed · CVE-2019-9002 was published May 13, 2022

An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical · Unreviewed · CVE-2018-4059 was published May 13, 2022

A missing authorization vulnerability has been reported to affect QNAP device running Video...
Critical · Unreviewed · CVE-2021-44055 was published May 6, 2022

Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass
Critical · Unreviewed · CVE-2013-3960 was published May 5, 2022

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various...
Critical · Unreviewed · CVE-2021-43938 was published Apr 30, 2022

Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical · CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022