Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

246 advisories

Loading
A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All... Moderate Unreviewed
CVE-2021-25677 was published May 24, 2022
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote... Moderate Unreviewed
CVE-2021-25375 was published May 24, 2022
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms... Moderate Unreviewed
CVE-2021-3446 was published May 24, 2022
In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of... Moderate Unreviewed
CVE-2021-0375 was published May 24, 2022
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password... High Unreviewed
CVE-2020-13860 was published May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol... High Unreviewed
CVE-2020-27264 was published May 24, 2022
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface... Moderate Unreviewed
CVE-2020-17470 was published May 24, 2022
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute... Moderate Unreviewed
CVE-2020-15023 was published May 24, 2022
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and... Critical Unreviewed
CVE-2020-7548 was published May 24, 2022
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that... Critical Unreviewed
CVE-2020-25705 was published May 24, 2022
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon... High Unreviewed
CVE-2020-1472 was published May 24, 2022
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain... Moderate Unreviewed
CVE-2020-16166 was published May 24, 2022
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the... Moderate Unreviewed
CVE-2020-10274 was published May 24, 2022
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of... Moderate Unreviewed
CVE-2020-13817 was published May 24, 2022
React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might... Moderate Unreviewed
CVE-2020-12270 was published May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector... High Unreviewed
CVE-2020-11877 was published May 24, 2022
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2... Moderate Unreviewed
CVE-2020-1759 was published May 24, 2022
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier... Low Unreviewed
CVE-2020-8631 was published May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of... Moderate Unreviewed
CVE-2018-19441 was published May 24, 2022
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in... Moderate Unreviewed
CVE-2020-7241 was published May 24, 2022
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device... Moderate Unreviewed
CVE-2019-18282 was published May 24, 2022
A password generation weakness exists in xquest through 2016-06-13. Low Unreviewed
CVE-2016-4980 was published May 24, 2022
The token generator in index.php in Centreon Web before 2.8.27 is predictable. Moderate Unreviewed
CVE-2019-17105 was published May 24, 2022
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap... Critical Unreviewed
CVE-2019-2294 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API