Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized... High Unreviewed
CVE-2017-16651 was published May 13, 2022
redhat-certification does not properly restrict files that can be download through the /download... High Unreviewed
CVE-2018-10869 was published May 13, 2022
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which... High Unreviewed
CVE-2017-11746 was published May 13, 2022
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers... High Unreviewed
CVE-2018-16946 was published May 13, 2022
Development Tools panels of an extension are required to load URLs for the panels as relative... High Unreviewed
CVE-2018-5112 was published May 13, 2022
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,... High Unreviewed
CVE-2018-9587 was published May 13, 2022
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup... High Unreviewed
CVE-2017-2551 was published May 17, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29446 was published May 20, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29447 was published May 21, 2022
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27... High Unreviewed
CVE-2019-13404 was published May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed
CVE-2020-3926 was published May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed
CVE-2020-3927 was published May 24, 2022
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system... High Unreviewed
CVE-2019-7305 was published May 24, 2022
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could... High Unreviewed
CVE-2020-3267 was published May 24, 2022
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection... High Unreviewed
CVE-2020-26549 was published May 24, 2022
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape... High Unreviewed
CVE-2021-20253 was published May 24, 2022
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and... High Unreviewed
CVE-2021-29024 was published May 24, 2022
It has been discovered that redhat-certification is not properly configured and it lists all... High Unreviewed
CVE-2018-10863 was published May 24, 2022
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4... High Unreviewed
CVE-2021-31831 was published May 24, 2022
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an... High Unreviewed
CVE-2021-33359 was published May 24, 2022
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. High Unreviewed
CVE-2021-36763 was published May 24, 2022
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control... High Unreviewed
CVE-2021-36276 was published May 24, 2022
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation... High Unreviewed
CVE-2021-37348 was published May 24, 2022
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. High Unreviewed
CVE-2021-38711 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API