GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
40 advisories
Prototype Pollution in defaults-deep
Critical. CVE-2018-16486 was published for defaults-deep (npm) on Feb 7, 2019.

Insufficient Verification of Data Authenticity in python-keystoneclient
Critical. CVE-2013-2167 was published for python-keystoneclient (pip) on Mar 10, 2020.

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and...
Critical, Unreviewed. CVE-2020-7878 was published on Dec 29, 2021.

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does...
Critical, Unreviewed. CVE-2021-36751 was published on Jan 3, 2022.

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an...
Critical, Unreviewed. CVE-2022-22994 was published on Jan 29, 2022.

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to...
Critical, Unreviewed. CVE-2022-0715 was published on Mar 10, 2022.

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused...
Critical, Unreviewed. CVE-2020-14115 was published on Mar 11, 2022.

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before...
Critical, Unreviewed. CVE-2015-6854 was published on May 13, 2022.

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3...
Critical, Unreviewed. CVE-2015-6853 was published on May 13, 2022.

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Critical, Unreviewed. CVE-2018-19971 was published on May 13, 2022.

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and...
Critical, Unreviewed. CVE-2015-3956 was published on May 13, 2022.

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is...
Critical, Unreviewed. CVE-2019-11235 was published on May 24, 2022.

Lack of root file system integrity checking in Fortinet FortiManager VM application images of all...
Critical, Unreviewed. CVE-2019-6695 was published on May 24, 2022.

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing...
Critical, Unreviewed. CVE-2019-17006 was published on May 24, 2022.

There is a improper privilege management vulnerability in some Huawei smartphone. Successful...
Critical, Unreviewed. CVE-2020-9141 was published on May 24, 2022.

Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP...
Critical, Unreviewed. CVE-2020-26547 was published on May 24, 2022.

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5...
Critical, Unreviewed. CVE-2020-28900 was published on May 24, 2022.

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to...
Critical, Unreviewed. CVE-2021-33885 was published on May 24, 2022.

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary...
Critical, Unreviewed. CVE-2020-24672 was published on May 24, 2022.

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft...
Critical, Unreviewed. CVE-2021-26608 was published on May 24, 2022.

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if...
Critical, Unreviewed. CVE-2021-43616 was published on May 24, 2022.

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server...
Critical, Unreviewed. CVE-2022-31813 was published on Jun 10, 2022.

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31801 was published on Jun 22, 2022.

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31800 was published on Jun 22, 2022.

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the...
Critical, Unreviewed. CVE-2022-29958 was published on Jul 27, 2022.
ProTip! Advisories are also available from the GraphQL API.