Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the... Moderate Unreviewed
CVE-2021-43772 was published Dec 4, 2021
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows... Low Unreviewed
CVE-2021-25521 was published Dec 9, 2021
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote... Moderate Unreviewed
CVE-2021-31850 was published Dec 9, 2021
Files Accessible to External Parties in Opencast Critical
CVE-2021-43821 was published for org.opencastproject:opencast-ingest-service-impl (Maven) Dec 14, 2021
gregorydlogan
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an... Moderate Unreviewed
CVE-2017-1602 was published May 13, 2022
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized... Critical Unreviewed
CVE-2017-10930 was published May 13, 2022
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update... Moderate Unreviewed
CVE-2017-11829 was published May 13, 2022
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated... Moderate Unreviewed
CVE-2017-1308 was published May 13, 2022
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which... High Unreviewed
CVE-2017-11746 was published May 13, 2022
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently... Critical Unreviewed
CVE-2017-14942 was published May 13, 2022
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... High Unreviewed
CVE-2022-4140 was published Jan 3, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... Moderate Unreviewed
CVE-2022-4236 was published Jan 3, 2023
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS... Moderate Unreviewed
CVE-2017-6774 was published May 13, 2022
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue... Moderate Unreviewed
CVE-2017-7079 was published May 13, 2022
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers... High Unreviewed
CVE-2018-16946 was published May 13, 2022
Development Tools panels of an extension are required to load URLs for the panels as relative... High Unreviewed
CVE-2018-5112 was published May 13, 2022
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,... High Unreviewed
CVE-2018-9587 was published May 13, 2022
Markdownify has Files or Directories Accessible to External Parties Moderate
CVE-2022-41710 was published for electron-markdownify (npm) Nov 4, 2022
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient... Moderate Unreviewed
CVE-2022-45052 was published Jan 4, 2023
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup... High Unreviewed
CVE-2017-2551 was published May 17, 2022
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2981 was published Oct 11, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically... Moderate Unreviewed
CVE-2022-22268 was published Jan 11, 2022
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1... Low Unreviewed
CVE-2022-22267 was published Jan 11, 2022
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows... Moderate Unreviewed
CVE-2022-22270 was published Jan 11, 2022
ProTip! Advisories are also available from the GraphQL API