GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
342 advisories
Filter by severity
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and...
High
Unreviewed
CVE-2014-4936
was published
May 17, 2022
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to...
High
Unreviewed
CVE-2016-2309
was published
May 17, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep...
High
Unreviewed
CVE-2017-11379
was published
May 17, 2022
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and...
High
Unreviewed
CVE-2014-2718
was published
May 17, 2022
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for...
Moderate
Unreviewed
CVE-2015-9232
was published
May 17, 2022
Insufficient Data Verification in io.really:jwt-scala
Moderate
CVE-2017-10862
was published
for
io.really:jwt-scala
(Maven)
May 17, 2022
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker...
Moderate
Unreviewed
CVE-2017-2701
was published
May 17, 2022
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific...
High
Unreviewed
CVE-2017-14091
was published
May 14, 2022
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module...
High
Unreviewed
CVE-2014-8165
was published
May 14, 2022
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle...
Moderate
Unreviewed
CVE-2017-1773
was published
May 14, 2022
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings...
High
Unreviewed
CVE-2018-10080
was published
May 14, 2022
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer...
High
Unreviewed
CVE-2015-4674
was published
May 14, 2022
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it...
High
Unreviewed
CVE-2016-1493
was published
May 14, 2022
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote...
Moderate
Unreviewed
CVE-2015-0251
was published
May 14, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
Moderate
CVE-2015-0259
was published
for
nova
(pip)
May 14, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An...
High
Unreviewed
CVE-2018-7932
was published
May 13, 2022
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive...
High
Unreviewed
CVE-2018-6562
was published
May 13, 2022
A content spoofing vulnerability in the following components allows to render html pages...
Moderate
Unreviewed
CVE-2018-2434
was published
May 13, 2022
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS)...
High
Unreviewed
CVE-2018-12333
was published
May 13, 2022
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by...
High
Unreviewed
CVE-2017-9606
was published
May 13, 2022
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e...
High
Unreviewed
CVE-2017-17023
was published
May 13, 2022
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to...
High
Unreviewed
CVE-2017-11178
was published
May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for...
High
Unreviewed
CVE-2017-11130
was published
May 13, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API