GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
193 advisories
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12...
Critical, Unreviewed. CVE-2013-6014 was published May 13, 2022.

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file...
Critical, Unreviewed. CVE-2018-16705 was published May 13, 2022.

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard"...
Critical, Unreviewed. CVE-2018-12481 was published May 13, 2022.

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100...
Critical, Unreviewed. CVE-2017-7899 was published May 13, 2022.

Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1...
Critical, Unreviewed. CVE-2017-5738 was published May 13, 2022.

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability....
Critical, Unreviewed. CVE-2017-4923 was published May 13, 2022.

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0...
Critical, Unreviewed. CVE-2017-2320 was published May 13, 2022.

Anchor CMS Logs Credentials
Critical. CVE-2018-7251 was published for anchorcms/anchor-cms (Composer) May 13, 2022.

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0...
Critical, Unreviewed. CVE-2016-5649 was published May 13, 2022.

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain...
Critical, Unreviewed. CVE-2016-6548 was published May 13, 2022.

Insecure cookie sharing in Hawtio
Critical. CVE-2017-2589 was published for io.hawt:project (Maven) May 13, 2022.

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have...
Critical, Unreviewed. CVE-2017-3185 was published May 13, 2022.

Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security...
Critical, Unreviewed. CVE-2017-3972 was published May 13, 2022.

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON...
Critical, Unreviewed. CVE-2018-10627 was published May 13, 2022.

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability...
Critical, Unreviewed. CVE-2018-14822 was published May 13, 2022.

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation...
Critical, Unreviewed. CVE-2018-8919 was published May 13, 2022.

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read...
Critical, Unreviewed. CVE-2018-9852 was published May 13, 2022.

An issue existed with autofill resuming after it was canceled. The issue was addressed with...
Critical, Unreviewed. CVE-2019-6206 was published May 13, 2022.

PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it...
Critical, Unreviewed. CVE-2018-20371 was published May 13, 2022.

In Vignette Content Management version 6, it is possible to gain remote access to administrator...
Critical, Unreviewed. CVE-2018-18941 was published May 13, 2022.

On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI)....
Critical, Unreviewed. CVE-2019-0040 was published May 13, 2022.

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-...
Critical, Unreviewed. CVE-2017-9788 was published May 13, 2022.

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability...
Critical, Unreviewed. CVE-2017-11435 was published May 13, 2022.

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct...
Critical, Unreviewed. CVE-2018-12634 was published May 13, 2022.

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access...
Critical, Unreviewed. CVE-2017-5158 was published May 13, 2022.