Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,413
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,657
Pub
13
RubyGems
1,027
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

492 advisories

Loading
** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from... Moderate Unreviewed
CVE-2020-12063 was published May 24, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow... High Unreviewed
CVE-2020-7487 was published May 24, 2022
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that... Moderate Unreviewed
CVE-2020-11539 was published May 24, 2022
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6443 was published May 24, 2022
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of... High Unreviewed
CVE-2020-27670 was published May 24, 2022
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the... Moderate Unreviewed
CVE-2019-8921 was published Nov 30, 2021
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV... Moderate Unreviewed
CVE-2021-40491 was published May 24, 2022
In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is... Moderate Unreviewed
CVE-2019-0379 was published May 24, 2022
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the... High Unreviewed
CVE-2022-20829 was published Jun 25, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager... Moderate Unreviewed
CVE-2022-39909 was published Dec 8, 2022
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002... High Unreviewed
CVE-2019-12504 was published May 24, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345... Moderate Unreviewed
CVE-2022-2789 was published Aug 20, 2022
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier,... Moderate Unreviewed
CVE-2014-4883 was published May 17, 2022
** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in... High Unreviewed
CVE-2015-2908 was published May 17, 2022
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass... High Unreviewed
CVE-2016-3983 was published May 17, 2022
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and... High Unreviewed
CVE-2014-4936 was published May 17, 2022
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom... High Unreviewed
CVE-2022-30269 was published Jul 27, 2022
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to... High Unreviewed
CVE-2016-2309 was published May 17, 2022
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the... Critical Unreviewed
CVE-2022-29958 was published Jul 27, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause... High Unreviewed
CVE-2022-34763 was published Jul 14, 2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated... Moderate Unreviewed
CVE-2022-31598 was published Jul 13, 2022
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML... High Unreviewed
CVE-2015-5236 was published Jul 8, 2022
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS... Critical Unreviewed
CVE-2022-31800 was published Jun 22, 2022
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS... Critical Unreviewed
CVE-2022-31801 was published Jun 22, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep... High Unreviewed
CVE-2017-11379 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database