Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

299 advisories

Loading
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper... High Unreviewed
CVE-2022-41688 was published Nov 1, 2022
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated... High Unreviewed
CVE-2022-41776 was published Nov 1, 2022
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user... High Unreviewed
CVE-2009-1780 was published May 2, 2022
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an... High Unreviewed
CVE-2022-37062 was published Aug 19, 2022
The memory management module has the logic bypass vulnerability. Successful exploitation of this... High Unreviewed
CVE-2021-46852 was published Nov 10, 2022
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060... High Unreviewed
CVE-2019-6542 was published May 13, 2022
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An... High Unreviewed
CVE-2018-17924 was published May 3, 2022
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass... High Unreviewed
CVE-2007-0956 was published May 3, 2022
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the... High Unreviewed
CVE-2021-41975 was published May 24, 2022
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain... High Unreviewed
CVE-2019-5514 was published May 13, 2022
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote... High Unreviewed
CVE-2019-6447 was published May 13, 2022
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3... High Unreviewed
CVE-2018-4840 was published May 13, 2022
D-Link routers with the mydlink feature have some web interfaces without authentication... High Unreviewed
CVE-2019-7642 was published May 13, 2022
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service... High Unreviewed
CVE-2017-12575 was published May 13, 2022
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without... High Unreviewed
CVE-2022-42982 was published Nov 17, 2022
Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with... High Unreviewed
CVE-2022-43989 was published Nov 2, 2022
Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0... High Unreviewed
CVE-2022-43990 was published Nov 2, 2022
A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series... High Unreviewed
CVE-2019-1654 was published May 13, 2022
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all... High Unreviewed
CVE-2018-17906 was published May 13, 2022
Missing Authentication for Critical Function in Apache NiFi High
CVE-2020-9487 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
Authentication bypass for specific endpoint High
CVE-2021-29442 was published for com.alibaba.nacos:nacos-common (Maven) Apr 27, 2021
Authentication bypass in Apache Hadoop High
CVE-2018-11764 was published for org.apache.hadoop:hadoop-main (Maven) Feb 10, 2022
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands... High Unreviewed
CVE-2018-17880 was published May 13, 2022
Missing Authentication for Critical Function in Apache TomEE High
CVE-2020-11969 was published for org.apache.tomee:tomee (Maven) Feb 10, 2022
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the... High Unreviewed
CVE-2018-1745 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API