Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

54 advisories

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could... Low Unreviewed
CVE-2022-33167 was published Jul 30, 2024
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead... Low Unreviewed
CVE-2023-5937 was published May 15, 2024
Apache Solr Schema Designer blindly "trusts" all configsets Low
CVE-2023-50292 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Default permissions for a properties file were too permissive. Local system users could read... Low Unreviewed
CVE-2023-26427 was published Jun 20, 2023
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower Low
CVE-2023-23939 was published for Azure/setup-kubectl (GitHub Actions) Mar 7, 2023
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission... Low Unreviewed
CVE-2022-34314 was published Nov 15, 2022
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022... Low Unreviewed
CVE-2022-39887 was published Nov 10, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued Low
CVE-2022-39284 was published for codeigniter4/framework (Composer) Oct 6, 2022
In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user... Low Unreviewed
CVE-2022-20330 was published Aug 13, 2022
In ActivityManager, there is a possible way to check another process's capabilities due to a... Low Unreviewed
CVE-2022-20262 was published Aug 13, 2022
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows... Low Unreviewed
CVE-2022-33689 was published Jul 13, 2022
A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE)... Low Unreviewed
CVE-2021-34758 was published May 24, 2022
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to... Low Unreviewed
CVE-2020-0904 was published May 24, 2022
Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol... Low Unreviewed
CVE-2018-17766 was published May 24, 2022
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... Low Unreviewed
CVE-2020-4414 was published May 24, 2022
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only.... Low Unreviewed
CVE-2019-20883 was published May 24, 2022
An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1.... Low Unreviewed
CVE-2020-10782 was published May 24, 2022
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does... Low Unreviewed
CVE-2020-13696 was published May 24, 2022
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service... Low Unreviewed
CVE-2020-1123 was published May 24, 2022
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service... Low Unreviewed
CVE-2020-1084 was published May 24, 2022
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates... Low Unreviewed
CVE-2019-19335 was published May 24, 2022
ZTE E8820V3 router product is impacted by a permission and access control vulnerability.... Low Unreviewed
CVE-2020-6863 was published May 24, 2022
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt... Low Unreviewed
CVE-2019-18899 was published May 24, 2022
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower... Low Unreviewed
CVE-2019-19341 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API