Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

132 advisories

Loading
Prototype Pollution in upmerge Moderate
GHSA-gm9g-2g8v-fvxj was published for upmerge (npm) Jun 6, 2019
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to... Moderate Unreviewed
CVE-2020-14122 was published Apr 22, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity... Moderate Unreviewed
CVE-2022-28385 was published Jun 9, 2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated... Moderate Unreviewed
CVE-2022-31598 was published Jul 13, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity... Moderate Unreviewed
CVE-2015-8254 was published May 17, 2022
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier,... Moderate Unreviewed
CVE-2014-4883 was published May 17, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345... Moderate Unreviewed
CVE-2022-2789 was published Aug 20, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager... Moderate Unreviewed
CVE-2022-39909 was published Dec 8, 2022
In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is... Moderate Unreviewed
CVE-2019-0379 was published May 24, 2022
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV... Moderate Unreviewed
CVE-2021-40491 was published May 24, 2022
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the... Moderate Unreviewed
CVE-2019-8921 was published Nov 30, 2021
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6443 was published May 24, 2022
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that... Moderate Unreviewed
CVE-2020-11539 was published May 24, 2022
** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from... Moderate Unreviewed
CVE-2020-12063 was published May 24, 2022
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart... Moderate Unreviewed
CVE-2020-6081 was published May 24, 2022
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using... Moderate Unreviewed
CVE-2020-11985 was published May 24, 2022
There is an information disclosure vulnerability in several smartphones. The device does not... Moderate Unreviewed
CVE-2020-9109 was published May 24, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a... Moderate Unreviewed
CVE-2020-1755 was published Aug 17, 2022
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios,... Moderate Unreviewed
CVE-2021-22339 was published May 24, 2022
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0... Moderate Unreviewed
CVE-2021-32665 was published May 24, 2022
Address bar search suggestions in private browsing mode were re-using session data from normal... Moderate Unreviewed
CVE-2021-29963 was published May 24, 2022
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock... Moderate Unreviewed
CVE-2021-23998 was published May 24, 2022
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the... Moderate Unreviewed
CVE-2021-21588 was published May 24, 2022
Insufficient Data Verification in io.really:jwt-scala Moderate
CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed
CVE-2021-22419 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database