GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
342 advisories
Filter by severity
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in...
High
Unreviewed
CVE-2019-1000012
was published
May 13, 2022
Hex authenticity of signed packages not validated
High
CVE-2019-1000013
was published
for
hex_core
(Erlang)
May 13, 2022
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon...
High
Unreviewed
CVE-2018-7798
was published
May 13, 2022
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges...
Moderate
Unreviewed
CVE-2021-26368
was published
May 13, 2022
This vulnerability arises because the application allows the user to perform some sensitive...
Moderate
Unreviewed
CVE-2021-27759
was published
May 7, 2022
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to...
Moderate
Unreviewed
CVE-2020-14122
was published
Apr 22, 2022
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by...
High
Unreviewed
CVE-2020-14116
was published
Apr 22, 2022
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive...
High
Unreviewed
CVE-2022-20795
was published
Apr 22, 2022
Authorized users may install a maliciously modified package file when updating the device via the...
High
Unreviewed
CVE-2022-26516
was published
Apr 21, 2022
Insufficient Verification of input Data leading to arbitrary file download and execute was...
High
Unreviewed
CVE-2021-26625
was published
Apr 20, 2022
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a...
High
Unreviewed
CVE-2021-4031
was published
Mar 19, 2022
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
High
Unreviewed
CVE-2020-14111
was published
Mar 11, 2022
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
Critical
Unreviewed
CVE-2020-14115
was published
Mar 11, 2022
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to...
Critical
Unreviewed
CVE-2022-0715
was published
Mar 10, 2022
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to...
Moderate
Unreviewed
CVE-2021-24825
was published
Mar 8, 2022
Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient...
Moderate
Unreviewed
CVE-2022-22567
was published
Feb 10, 2022
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an...
Critical
Unreviewed
CVE-2022-22994
was published
Jan 29, 2022
dnslib has DNS reply verification issue
High
CVE-2022-22846
was published
for
dnslib
(pip)
Jan 12, 2022
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate...
Moderate
Unreviewed
CVE-2020-10137
was published
Jan 11, 2022
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does...
Critical
Unreviewed
CVE-2021-36751
was published
Jan 3, 2022
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and...
Critical
Unreviewed
CVE-2020-7878
was published
Dec 29, 2021
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface...
High
Unreviewed
CVE-2021-26103
was published
Dec 9, 2021
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the...
Moderate
Unreviewed
CVE-2019-8921
was published
Nov 30, 2021
Missing validation during checkpoint loading
High
CVE-2021-41203
was published
for
tensorflow
(pip)
Nov 10, 2021
File reference keys leads to incorrect hashes on HMAC algorithms
Moderate
CVE-2021-41106
was published
for
lcobucci/jwt
(Composer)
Sep 29, 2021
ProTip!
Advisories are also available from the
GraphQL API