GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
445 advisories
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random...
Critical (Unreviewed): CVE-2016-0391 was published May 17, 2022
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier...
Critical (Unreviewed): CVE-2016-5302 was published May 17, 2022
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions...
Critical (Unreviewed): CVE-2016-4501 was published May 17, 2022
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211...
Critical (Unreviewed): CVE-2016-2275 was published May 17, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical: CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580,...
Critical (Unreviewed): CVE-2018-7847 was published May 24, 2022
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh...
Critical (Unreviewed): CVE-2022-26346 was published Aug 6, 2022
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access...
Critical (Unreviewed): CVE-2023-0017 was published Jan 10, 2023
An improper access control vulnerability has been reported to affect certain legacy versions of...
Critical (Unreviewed): CVE-2021-28809 was published May 24, 2022
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and...
Critical (Unreviewed): CVE-2020-7561 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
Critical (Unreviewed): CVE-2021-38454 was published May 24, 2022
The server permits communication without any authentication procedure, allowing the attacker to...
Critical (Unreviewed): CVE-2021-38457 was published May 24, 2022
An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems...
Critical (Unreviewed): CVE-2022-27805 was published Oct 25, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical: CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows...
Critical (Unreviewed): CVE-2015-0150 was published May 24, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical (Unreviewed): CVE-2019-2729 was published May 24, 2022
A vulnerability was found in House Rental System and classified as critical. Affected by this...
Critical (Unreviewed): CVE-2022-4276 was published Dec 3, 2022
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ...
Critical (Unreviewed): CVE-2016-9877 was published May 13, 2022
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers...
Critical (Unreviewed): CVE-2016-2788 was published May 13, 2022
Improper Access Control in commons-fileupload
Critical: CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote...
Critical (Unreviewed): CVE-2016-5118 was published May 13, 2022
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords....
Critical (Unreviewed): CVE-2022-2052 was published Oct 17, 2022
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x...
Critical (Unreviewed): CVE-2016-5022 was published May 14, 2022
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to...
Critical (Unreviewed): CVE-2013-5654 was published May 14, 2022
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS...
Critical (Unreviewed): CVE-2016-0088 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.