GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
157 advisories
Filter by severity
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
High
Unreviewed
CVE-2020-14111
was published
Mar 11, 2022
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a...
High
Unreviewed
CVE-2021-4031
was published
Mar 19, 2022
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive...
High
Unreviewed
CVE-2022-20795
was published
Apr 22, 2022
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by...
High
Unreviewed
CVE-2020-14116
was published
Apr 22, 2022
Remote code execution vulnerability due to insufficient verification of URLs, etc. in...
High
Unreviewed
CVE-2022-41156
was published
Nov 25, 2022
Insufficient Verification of input Data leading to arbitrary file download and execute was...
High
Unreviewed
CVE-2021-26625
was published
Apr 20, 2022
Authorized users may install a maliciously modified package file when updating the device via the...
High
Unreviewed
CVE-2022-26516
was published
Apr 21, 2022
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote...
High
Unreviewed
CVE-2021-21231
was published
May 24, 2022
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated,...
High
Unreviewed
CVE-2021-1403
was published
May 24, 2022
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker...
High
Unreviewed
CVE-2021-31228
was published
May 24, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep...
High
Unreviewed
CVE-2017-11379
was published
May 17, 2022
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML...
High
Unreviewed
CVE-2015-5236
was published
Jul 8, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause...
High
Unreviewed
CVE-2022-34763
was published
Jul 14, 2022
The recovery module has a vulnerability of bypassing the verification of an update package before...
High
Unreviewed
CVE-2022-37008
was published
Aug 11, 2022
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to...
High
Unreviewed
CVE-2016-2309
was published
May 17, 2022
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom...
High
Unreviewed
CVE-2022-30269
was published
Jul 27, 2022
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and...
High
Unreviewed
CVE-2014-4936
was published
May 17, 2022
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass...
High
Unreviewed
CVE-2016-3983
was published
May 17, 2022
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates...
High
Unreviewed
CVE-2016-2346
was published
May 17, 2022
** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in...
High
Unreviewed
CVE-2015-2908
was published
May 17, 2022
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated...
High
Unreviewed
CVE-2014-5406
was published
May 17, 2022
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002...
High
Unreviewed
CVE-2019-12504
was published
May 24, 2022
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the...
High
Unreviewed
CVE-2022-20829
was published
Jun 25, 2022
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of...
High
Unreviewed
CVE-2020-27670
was published
May 24, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow...
High
Unreviewed
CVE-2020-7487
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API