Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

632 advisories

Loading
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the... Moderate Unreviewed
CVE-2022-45480 was published Dec 2, 2022
Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected... Moderate Unreviewed
CVE-2022-45483 was published Dec 2, 2022
Telepad allows an attacker (in a man-in-the-middle position between the server and a connected... Moderate Unreviewed
CVE-2022-45478 was published Dec 5, 2022
In certain Secustation products the administrator account password can be read. This affects V2.5... Moderate Unreviewed
CVE-2022-40939 was published Dec 8, 2022
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer... Moderate Unreviewed
CVE-2022-45877 was published Dec 8, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software... Critical Unreviewed
CVE-2022-43724 was published Dec 13, 2022
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is... Moderate Unreviewed
CVE-2020-9420 was published Dec 14, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to... Moderate Unreviewed
CVE-2020-4497 was published Dec 15, 2022
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue... High Unreviewed
CVE-2021-4258 was published Dec 19, 2022
Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may... Moderate Unreviewed
CVE-2022-42454 was published Dec 21, 2022
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol... High Unreviewed
CVE-2022-47895 was published Dec 22, 2022
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be... High Unreviewed
CVE-2022-22758 was published Dec 22, 2022
usememos/memos missing Secure cookie attribute Moderate
CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep... High Unreviewed
CVE-2022-43551 was published Dec 23, 2022
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023
Communication between the client and the server application of the affected products is partially... Critical Unreviewed
CVE-2022-3929 was published Jan 6, 2023
Apache James server allows an attacker with local access to access private user data in transit Moderate
CVE-2022-45935 was published for org.apache.james:james-server (Maven) Jan 6, 2023
Gitops Run insecure communication High
CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version... Moderate Unreviewed
CVE-2023-22597 was published Jan 13, 2023
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when... Moderate Unreviewed
CVE-2023-22863 was published Jan 18, 2023
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24440 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being... Moderate Unreviewed
CVE-2023-23130 was published Feb 1, 2023
Last Yard 22.09.8-1 does not enforce HSTS headers Critical Unreviewed
CVE-2022-47714 was published Feb 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database