Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to... High Unreviewed
CVE-2011-3355 was published Apr 22, 2022
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone... High Unreviewed
CVE-2022-29945 was published Apr 30, 2022
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted... High Unreviewed
CVE-2017-7729 was published May 13, 2022
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were... High Unreviewed
CVE-2017-12817 was published May 13, 2022
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by... High Unreviewed
CVE-2019-6518 was published May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text High
CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) May 13, 2022
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or... High Unreviewed
CVE-2017-17763 was published May 13, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2018-1683 was published May 13, 2022
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for... High Unreviewed
CVE-2017-5251 was published May 13, 2022
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a... High Unreviewed
CVE-2017-15397 was published May 13, 2022
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other... High Unreviewed
CVE-2017-15581 was published May 13, 2022
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a... High Unreviewed
CVE-2017-15609 was published May 13, 2022
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud... High Unreviewed
CVE-2017-8221 was published May 13, 2022
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17... High Unreviewed
CVE-2017-9604 was published May 13, 2022
Missing Encryption of Sensitive Data in Apache Guacamole High
CVE-2018-1340 was published for org.apache.guacamole:guacamole-common (Maven) May 13, 2022
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer... High Unreviewed
CVE-2018-14607 was published May 13, 2022
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level... High Unreviewed
CVE-2018-14608 was published May 13, 2022
Ansible Leaks Data Passed to ssh-keygen High
CVE-2018-16837 was published for ansible (pip) May 13, 2022
Craft CMS Vulnerable to Server-Side Template Injection High
CVE-2018-20465 was published for craftcms/cms (Composer) May 13, 2022
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This... High Unreviewed
CVE-2018-5162 was published May 13, 2022
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext... High Unreviewed
CVE-2018-5261 was published May 13, 2022
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the... High Unreviewed
CVE-2018-5481 was published May 13, 2022
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions... High Unreviewed
CVE-2018-7781 was published May 13, 2022
OpenAPI Tools OpenAPI Generator uses HTTP in various files High
CVE-2019-11405 was published for org.openapitools:openapi-generator (Maven) May 24, 2022
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var... High Unreviewed
CVE-2019-10139 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API