Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

633 advisories

Loading
Information Disclosure via Export Module Moderate
CVE-2022-31046 was published for typo3/cms (Composer) Jun 17, 2022
linawolf derhansen
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission... Moderate Unreviewed
CVE-2022-25805 was published Jun 10, 2022
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure... Moderate Unreviewed
CVE-2022-30115 was published Jun 3, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and... Moderate Unreviewed
CVE-2022-29733 was published Jun 3, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state... Moderate Unreviewed
CVE-2021-28508 was published May 27, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state... Moderate Unreviewed
CVE-2021-28509 was published May 27, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are... High Unreviewed
CVE-2021-32966 was published May 26, 2022
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine... High Unreviewed
CVE-2022-26077 was published May 26, 2022
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to... Low Unreviewed
CVE-2019-18248 was published May 24, 2022
Kibana Sensitive Data Disclosure Moderate
CVE-2021-37939 was published for kibana (npm) May 24, 2022
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP... Moderate Unreviewed
CVE-2021-42699 was published May 24, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. High Unreviewed
CVE-2020-20128 was published May 24, 2022
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view... Moderate Unreviewed
CVE-2020-35456 was published May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form High
CVE-2019-10428 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) May 24, 2022
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form Moderate
CVE-2019-10427 was published for org.jenkins-ci.plugins:aqua-microscanner (Maven) May 24, 2022
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive... Moderate Unreviewed
CVE-2019-4382 was published May 24, 2022
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble... Moderate Unreviewed
CVE-2021-3792 was published May 24, 2022
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed... Moderate Unreviewed
CVE-2021-42111 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The... High Unreviewed
CVE-2021-40366 was published May 24, 2022
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in... Moderate Unreviewed
CVE-2020-4152 was published May 24, 2022
IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6... Moderate Unreviewed
CVE-2021-29753 was published May 24, 2022
Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open... Moderate Unreviewed
CVE-2021-3774 was published May 24, 2022
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an... Moderate Unreviewed
CVE-2021-38418 was published May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS... High Unreviewed
CVE-2021-0296 was published May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU... High Unreviewed
CVE-2021-20599 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database