Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

299 advisories

Loading
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Basic auth bypass in esphome High
CVE-2021-41104 was published for esphome (pip) Sep 29, 2021
andir
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3... High Unreviewed
CVE-2023-46381 was published Nov 5, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21839 was published Jan 18, 2023
Mautic has insufficient authentication in upgrade flow High
CVE-2022-25770 was published for mautic/core (Composer) Sep 19, 2024
Mautic has insufficient authentication in upgrade flow High
CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
An authentication bypass weakness in the message broker service of Ivanti Workspace Control... High Unreviewed
CVE-2024-8012 was published Sep 10, 2024
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).... High Unreviewed
CVE-2022-39425 was published Oct 19, 2022
Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger... High Unreviewed
CVE-2023-21856 was published Jan 18, 2023
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).... High Unreviewed
CVE-2022-39426 was published Oct 19, 2022
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21837 was published Jan 18, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21931 was published Apr 18, 2023
On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations... High Unreviewed
CVE-2021-3825 was published May 24, 2022
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21979 was published Apr 18, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web... High Unreviewed
CVE-2023-21842 was published Jan 18, 2023
Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality... High Unreviewed
CVE-2023-22087 was published Oct 18, 2023
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:... High Unreviewed
CVE-2023-22047 was published Jul 18, 2023
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP... High Unreviewed
CVE-2024-8751 was published Sep 13, 2024
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU... High Unreviewed
CVE-2019-14927 was published May 24, 2022
Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect ... High Unreviewed
CVE-2023-5881 was published Jan 3, 2024
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and... High Unreviewed
CVE-2024-39300 was published Aug 30, 2024
Chisel's AUTH environment variable not respected in server entrypoint High
CVE-2024-43798 was published for github.com/jpillora/chisel (Go) Aug 27, 2024
lleyton korewaChino
jpillora
The product exposes a service that is intended for local only to all network interfaces without... High Unreviewed
CVE-2024-7940 was published Aug 27, 2024
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed
CVE-2024-7007 was published Jul 25, 2024
ProTip! Advisories are also available from the GraphQL API