GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
158 advisories
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access...
Moderate | Unreviewed | CVE-2020-27587 was published May 24, 2022

Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify...
Moderate | Unreviewed | CVE-2020-27585 was published May 24, 2022

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users'...
Low | Unreviewed | CVE-2020-8956 was published May 24, 2022

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by...
Moderate | Unreviewed | CVE-2020-4574 was published May 24, 2022

Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set...
High | Unreviewed | CVE-2019-18872 was published May 24, 2022

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak...
High | Unreviewed | CVE-2020-8790 was published May 24, 2022

In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote...
High | Unreviewed | CVE-2020-11966 was published May 24, 2022

eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in...
Moderate | Unreviewed | CVE-2019-19093 was published May 24, 2022

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a...
Low | Unreviewed | CVE-2020-8632 was published May 24, 2022

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability....
Critical | Unreviewed | CVE-2019-3758 was published May 24, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)....
Critical | Unreviewed | CVE-2019-13918 was published May 24, 2022

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should...
High | Unreviewed | CVE-2019-4067 was published May 24, 2022

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud...
Critical | Unreviewed | CVE-2019-9950 was published May 24, 2022

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
Critical | Unreviewed | CVE-2022-1775 was published May 21, 2022

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application...
Critical | Unreviewed | CVE-2018-19064 was published May 13, 2022

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04...
High | Unreviewed | CVE-2018-18562 was published May 13, 2022

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65...
High | Unreviewed | CVE-2018-15748 was published May 13, 2022

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have...
Critical | Unreviewed | CVE-2018-1372 was published May 13, 2022

Baseon Lantronix MSS devices do not require a password for TELNET access.
Critical | Unreviewed | CVE-2018-12925 was published May 13, 2022

Weak Password Requirements in UnboundID LDAP SDK
Critical | CVE-2018-1000134 was published for com.unboundid:unboundid-ldapsdk (Maven) May 13, 2022

** DISPUTED ** An issue was discovered in SMA Solar Technology products. All inverters have a...
Critical | Unreviewed | CVE-2017-9853 was published May 13, 2022

The National Payments Corporation of India BHIM application 1.3 for Android relies on a four...
High | Unreviewed | CVE-2017-9818 was published May 13, 2022

** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it...
Moderate | Unreviewed | CVE-2017-7305 was published May 13, 2022

** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password for the secure vault,...
Moderate | Unreviewed | CVE-2017-7306 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.