GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
632 advisories
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the...
Moderate · Unreviewed · CVE-2021-29769 was published May 24, 2022
When curl is instructed to get content using the metalink feature, and a user name and password...
Moderate · Unreviewed · CVE-2021-22923 was published May 24, 2022
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to...
High · Unreviewed · CVE-2021-33883 was published May 24, 2022
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such...
Moderate · Unreviewed · CVE-2021-39272 was published May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows...
High · Unreviewed · CVE-2021-40847 was published May 24, 2022
The Credova_Financial WordPress plugin discloses a site's associated Credova API account username...
Moderate · Unreviewed · CVE-2021-39342 was published May 24, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High · Unreviewed · CVE-2021-22946 was published May 24, 2022
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to...
Moderate · Unreviewed · CVE-2021-39882 was published May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High · Unreviewed · CVE-2021-20599 was published May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS...
High · Unreviewed · CVE-2021-0296 was published May 24, 2022
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an...
Moderate · Unreviewed · CVE-2021-38418 was published May 24, 2022
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6...
Moderate · Unreviewed · CVE-2021-29753 was published May 24, 2022
Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open...
Moderate · Unreviewed · CVE-2021-3774 was published May 24, 2022
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in...
Moderate · Unreviewed · CVE-2020-4152 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The...
High · Unreviewed · CVE-2021-40366 was published May 24, 2022
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed...
Moderate · Unreviewed · CVE-2021-42111 was published May 24, 2022
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble...
Moderate · Unreviewed · CVE-2021-3792 was published May 24, 2022
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive...
Moderate · Unreviewed · CVE-2019-4382 was published May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
High · CVE-2019-10428 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) · May 24, 2022
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Moderate · CVE-2019-10427 was published for org.jenkins-ci.plugins:aqua-microscanner (Maven) · May 24, 2022
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view...
Moderate · Unreviewed · CVE-2020-35456 was published May 24, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.
High · Unreviewed · CVE-2020-20128 was published May 24, 2022
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP...
Moderate · Unreviewed · CVE-2021-42699 was published May 24, 2022
Kibana Sensitive Data Disclosure
Moderate · CVE-2021-37939 was published for kibana (npm) · May 24, 2022
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to...
Low · Unreviewed · CVE-2019-18248 was published May 24, 2022