GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,438

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

237 advisories

Filter by severity

Sort by

Least recently updated

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It... Moderate Unreviewed

CVE-2022-27225 was published Mar 17, 2022

Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number... High Unreviewed

CVE-2021-44480 was published Dec 2, 2021

Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an... High Unreviewed

CVE-2020-26732 was published May 24, 2022

Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to... Moderate Unreviewed

CVE-2022-35860 was published Oct 19, 2022

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0... High Unreviewed

CVE-2021-26100 was published May 24, 2022

VersionVault Express exposes sensitive information that an attacker can use to impersonate the... Critical Unreviewed

CVE-2021-27779 was published May 26, 2022

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a... High Unreviewed

CVE-2021-34825 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow... High Unreviewed

CVE-2022-30237 was published Jun 3, 2022

Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)... Moderate Unreviewed

CVE-2020-10941 was published May 24, 2022

User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed

CVE-2021-27783 was published May 26, 2022

On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed

CVE-2021-28496 was published May 24, 2022

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed

CVE-2021-40650 was published Jun 15, 2022

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed... Low Unreviewed

CVE-2020-8173 was published May 24, 2022

MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed

CVE-2020-12730 was published May 24, 2022

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed

CVE-2022-20219 was published Jul 14, 2022

homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and... High Unreviewed

CVE-2020-24396 was published May 24, 2022

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed

CVE-2021-23211 was published May 24, 2022

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted... High Unreviewed

CVE-2019-6169 was published May 24, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An... Moderate Unreviewed

CVE-2019-13922 was published May 24, 2022

JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link... Moderate Unreviewed

CVE-2019-14954 was published May 24, 2022

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through... Low Unreviewed

CVE-2019-4398 was published May 24, 2022

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack... High Unreviewed

CVE-2019-18201 was published May 24, 2022

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05... Critical Unreviewed

CVE-2019-17218 was published May 24, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. Moderate Unreviewed

CVE-2020-15343 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Moderate Unreviewed

CVE-2020-15344 was published Sep 30, 2022

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

237 advisories