Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

126 advisories

Loading
Prototype Pollution in upmerge Moderate
GHSA-gm9g-2g8v-fvxj was published for upmerge (npm) Jun 6, 2019
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to... Moderate Unreviewed
CVE-2020-14122 was published Apr 22, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity... Moderate Unreviewed
CVE-2022-28385 was published Jun 9, 2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated... Moderate Unreviewed
CVE-2022-31598 was published Jul 13, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity... Moderate Unreviewed
CVE-2015-8254 was published May 17, 2022
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier,... Moderate Unreviewed
CVE-2014-4883 was published May 17, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345... Moderate Unreviewed
CVE-2022-2789 was published Aug 20, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager... Moderate Unreviewed
CVE-2022-39909 was published Dec 8, 2022
In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is... Moderate Unreviewed
CVE-2019-0379 was published May 24, 2022
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV... Moderate Unreviewed
CVE-2021-40491 was published May 24, 2022
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the... Moderate Unreviewed
CVE-2019-8921 was published Nov 30, 2021
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6443 was published May 24, 2022
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that... Moderate Unreviewed
CVE-2020-11539 was published May 24, 2022
** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from... Moderate Unreviewed
CVE-2020-12063 was published May 24, 2022
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart... Moderate Unreviewed
CVE-2020-6081 was published May 24, 2022
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using... Moderate Unreviewed
CVE-2020-11985 was published May 24, 2022
There is an information disclosure vulnerability in several smartphones. The device does not... Moderate Unreviewed
CVE-2020-9109 was published May 24, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a... Moderate Unreviewed
CVE-2020-1755 was published Aug 17, 2022
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios,... Moderate Unreviewed
CVE-2021-22339 was published May 24, 2022
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0... Moderate Unreviewed
CVE-2021-32665 was published May 24, 2022
Address bar search suggestions in private browsing mode were re-using session data from normal... Moderate Unreviewed
CVE-2021-29963 was published May 24, 2022
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock... Moderate Unreviewed
CVE-2021-23998 was published May 24, 2022
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the... Moderate Unreviewed
CVE-2021-21588 was published May 24, 2022
Insufficient Data Verification in io.really:jwt-scala Moderate
CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed
CVE-2021-22419 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API