GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
124 advisories
Filter by severity
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface...
High
Unreviewed
CVE-2021-26103
was published
Dec 9, 2021
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
High
Unreviewed
CVE-2020-14111
was published
Mar 11, 2022
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a...
High
Unreviewed
CVE-2021-4031
was published
Mar 19, 2022
Insufficient Verification of input Data leading to arbitrary file download and execute was...
High
Unreviewed
CVE-2021-26625
was published
Apr 20, 2022
Authorized users may install a maliciously modified package file when updating the device via the...
High
Unreviewed
CVE-2022-26516
was published
Apr 21, 2022
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive...
High
Unreviewed
CVE-2022-20795
was published
Apr 22, 2022
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by...
High
Unreviewed
CVE-2020-14116
was published
Apr 22, 2022
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon...
High
Unreviewed
CVE-2018-7798
was published
May 13, 2022
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in...
High
Unreviewed
CVE-2019-1000012
was published
May 13, 2022
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV...
High
Unreviewed
CVE-2019-0805
was published
May 13, 2022
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the...
High
Unreviewed
CVE-2019-7323
was published
May 13, 2022
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks...
High
Unreviewed
CVE-2017-11103
was published
May 13, 2022
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host...
High
Unreviewed
CVE-2016-4553
was published
May 13, 2022
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin...
High
Unreviewed
CVE-2016-4554
was published
May 13, 2022
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for...
High
Unreviewed
CVE-2015-7539
was published
May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State...
High
Unreviewed
CVE-2017-3224
was published
May 13, 2022
Acronis True Image up to and including version 2017 Build 8053 performs software updates using...
High
Unreviewed
CVE-2017-3219
was published
May 13, 2022
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior...
High
Unreviewed
CVE-2017-3218
was published
May 13, 2022
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in...
High
Unreviewed
CVE-2017-10624
was published
May 13, 2022
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local...
High
Unreviewed
CVE-2017-0563
was published
May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for...
High
Unreviewed
CVE-2017-11130
was published
May 13, 2022
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to...
High
Unreviewed
CVE-2017-11178
was published
May 13, 2022
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e...
High
Unreviewed
CVE-2017-17023
was published
May 13, 2022
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by...
High
Unreviewed
CVE-2017-9606
was published
May 13, 2022
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS)...
High
Unreviewed
CVE-2018-12333
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API