Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

127 advisories

Loading
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It... Moderate Unreviewed
CVE-2022-27225 was published Mar 17, 2022
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to... Moderate Unreviewed
CVE-2022-35860 was published Oct 19, 2022
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)... Moderate Unreviewed
CVE-2020-10941 was published May 24, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed
CVE-2021-27783 was published May 26, 2022
On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed
CVE-2021-28496 was published May 24, 2022
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed
CVE-2021-40650 was published Jun 15, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed
CVE-2020-12730 was published May 24, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed
CVE-2022-20219 was published Jul 14, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed
CVE-2021-23211 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An... Moderate Unreviewed
CVE-2019-13922 was published May 24, 2022
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link... Moderate Unreviewed
CVE-2019-14954 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. Moderate Unreviewed
CVE-2020-15343 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Moderate Unreviewed
CVE-2020-15344 was published Sep 30, 2022
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. Moderate Unreviewed
CVE-2019-19463 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. Moderate Unreviewed
CVE-2020-15345 was published Sep 30, 2022
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build... Moderate Unreviewed
CVE-2019-16672 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Moderate Unreviewed
CVE-2020-15342 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. Moderate Unreviewed
CVE-2020-15346 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. Moderate Unreviewed
CVE-2020-15330 was published Sep 30, 2022
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces.... Moderate Unreviewed
CVE-2019-14317 was published May 24, 2022
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. Moderate Unreviewed
CVE-2019-16274 was published May 24, 2022
An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure... Moderate Unreviewed
CVE-2020-9470 was published May 24, 2022
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It... Moderate Unreviewed
CVE-2019-16063 was published May 24, 2022
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using... Moderate Unreviewed
CVE-2019-12121 was published May 24, 2022
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database... Moderate Unreviewed
CVE-2019-16062 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API