Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

312 advisories

Loading
Acronis True Image up to and including version 2017 Build 8053 performs software updates using... High Unreviewed
CVE-2017-3219 was published May 13, 2022
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior... High Unreviewed
CVE-2017-3218 was published May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State... High Unreviewed
CVE-2017-3224 was published May 13, 2022
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient... Moderate Unreviewed
CVE-2018-10626 was published May 13, 2022
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin... High Unreviewed
CVE-2016-4554 was published May 13, 2022
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host... High Unreviewed
CVE-2016-4553 was published May 13, 2022
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks... High Unreviewed
CVE-2017-11103 was published May 13, 2022
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the... High Unreviewed
CVE-2019-7323 was published May 13, 2022
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV... High Unreviewed
CVE-2019-0805 was published May 13, 2022
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. Critical Unreviewed
CVE-2018-19971 was published May 13, 2022
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Moderate Unreviewed
CVE-2018-17938 was published May 13, 2022
IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed
CVE-2016-3016 was published May 13, 2022
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed
CVE-2014-0364 was published May 13, 2022
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3... Critical Unreviewed
CVE-2015-6853 was published May 13, 2022
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before... Critical Unreviewed
CVE-2015-6854 was published May 13, 2022
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed
CVE-2019-1000012 was published May 13, 2022
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed
CVE-2018-7798 was published May 13, 2022
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed
CVE-2021-26368 was published May 13, 2022
This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed
CVE-2021-27759 was published May 7, 2022
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by... High Unreviewed
CVE-2020-14116 was published Apr 22, 2022
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to... Moderate Unreviewed
CVE-2020-14122 was published Apr 22, 2022
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive... High Unreviewed
CVE-2022-20795 was published Apr 22, 2022
Authorized users may install a maliciously modified package file when updating the device via the... High Unreviewed
CVE-2022-26516 was published Apr 21, 2022
Insufficient Verification of input Data leading to arbitrary file download and execute was... High Unreviewed
CVE-2021-26625 was published Apr 20, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed
CVE-2022-26871 was published Mar 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database