GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,272
Erlang: 31
GitHub Actions: 21
Go: 2,047
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,415
Pub: 12
RubyGems: 891
Rust: 868
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
48 advisories
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation...
Critical | Unreviewed | CVE-2021-43674 was published Dec 4, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated...
Critical | Unreviewed | CVE-2021-44524 was published Dec 15, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated...
Critical | Unreviewed | CVE-2021-44523 was published Dec 15, 2021
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g....
Critical | Unreviewed | CVE-2021-44676 was published Dec 21, 2021
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of...
Critical | Unreviewed | CVE-2021-44525 was published Dec 21, 2021
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can...
Critical | Unreviewed | CVE-2022-21817 was published Feb 8, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct...
Critical | Unreviewed | CVE-2021-42640 was published Feb 9, 2022
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator...
Critical | Unreviewed | CVE-2022-25236 was published Feb 17, 2022
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when...
Critical | Unreviewed | CVE-2022-25643 was published Feb 25, 2022
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the...
Critical | Unreviewed | CVE-2022-25010 was published Mar 3, 2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any...
Critical | Unreviewed | CVE-2022-24074 was published Mar 18, 2022
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not...
Critical | Unreviewed | CVE-2022-27919 was published Mar 26, 2022
Mondo 2.24 has insecure handling of temporary files.
Critical | Unreviewed | CVE-2007-3915 was published Apr 21, 2022
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log...
Critical | Unreviewed | CVE-2022-27332 was published Apr 28, 2022
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead...
Critical | Unreviewed | CVE-2021-42001 was published May 3, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-16610 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-16597 was published May 13, 2022
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server...
Critical | Unreviewed | CVE-2017-12249 was published May 13, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and...
Critical | Unreviewed | CVE-2017-18129 was published May 13, 2022
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices...
Critical | Unreviewed | CVE-2018-18068 was published May 13, 2022
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot...
Critical | Unreviewed | CVE-2018-7072 was published May 13, 2022
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS...
Critical | Unreviewed | CVE-2022-1467 was published May 24, 2022
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all...
Critical | Unreviewed | CVE-2018-7846 was published May 24, 2022
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated...
Critical | Unreviewed | CVE-2019-1848 was published May 24, 2022
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection,...
Critical | Unreviewed | CVE-2019-12928 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.