GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
332 advisories
Filter by severity
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The...
High
Unreviewed
CVE-2022-32252
was published
Jun 15, 2022
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server...
Critical
Unreviewed
CVE-2022-31813
was published
Jun 10, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity...
Moderate
Unreviewed
CVE-2022-28385
was published
Jun 9, 2022
Lack of root file system integrity checking in Fortinet FortiOS VM application images all...
Moderate
Unreviewed
CVE-2019-5587
was published
May 24, 2022
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently...
High
Unreviewed
CVE-2021-26315
was published
May 24, 2022
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if...
Critical
Unreviewed
CVE-2021-43616
was published
May 24, 2022
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted...
Moderate
Unreviewed
CVE-2020-23906
was published
May 24, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability....
Moderate
Unreviewed
CVE-2021-22460
was published
May 24, 2022
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or...
High
Unreviewed
CVE-2021-26610
was published
May 24, 2022
The programmer installation utility does not perform a cryptographic authenticity or integrity...
Moderate
Unreviewed
CVE-2021-38396
was published
May 24, 2022
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using...
Moderate
Unreviewed
CVE-2021-22947
was published
May 24, 2022
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode...
Moderate
Unreviewed
CVE-2021-34572
was published
May 24, 2022
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft...
Critical
Unreviewed
CVE-2021-26608
was published
May 24, 2022
A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows...
High
Unreviewed
CVE-2020-19769
was published
May 24, 2022
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows...
High
Unreviewed
CVE-2020-19768
was published
May 24, 2022
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary...
Critical
Unreviewed
CVE-2020-24672
was published
May 24, 2022
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV...
Moderate
Unreviewed
CVE-2021-40491
was published
May 24, 2022
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to...
Critical
Unreviewed
CVE-2021-33885
was published
May 24, 2022
A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series...
High
Unreviewed
CVE-2021-1586
was published
May 24, 2022
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker...
High
Unreviewed
CVE-2021-31228
was published
May 24, 2022
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant...
Moderate
Unreviewed
CVE-2021-38597
was published
May 24, 2022
A ZTE's product of the transport network access layer has a security vulnerability. Because the...
Moderate
Unreviewed
CVE-2021-21739
was published
May 24, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability....
Moderate
Unreviewed
CVE-2021-22419
was published
May 24, 2022
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the...
Moderate
Unreviewed
CVE-2021-21588
was published
May 24, 2022
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a...
High
Unreviewed
CVE-2021-36367
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API