Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,164 advisories

Loading
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35466 was published May 24, 2022
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for... Critical Unreviewed
CVE-2020-35193 was published May 24, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3).... Critical Unreviewed
CVE-2020-25228 was published May 24, 2022
Improper Authentication vulnerability in Gallagher Command Centre Server allows an... High Unreviewed
CVE-2020-16102 was published May 24, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on... Critical Unreviewed
CVE-2020-7540 was published May 24, 2022
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user.... Critical Unreviewed
CVE-2020-29389 was published May 24, 2022
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and... Critical Unreviewed
CVE-2020-7561 was published May 24, 2022
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an... Critical Unreviewed
CVE-2020-3531 was published May 24, 2022
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an... High Unreviewed
CVE-2020-3392 was published May 24, 2022
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and... High Unreviewed
CVE-2020-10291 was published May 24, 2022
** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and... High Unreviewed
CVE-2020-27986 was published May 24, 2022
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information... High Unreviewed
CVE-2020-25966 was published May 24, 2022
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of... Moderate Unreviewed
CVE-2020-7370 was published May 24, 2022
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of... Moderate Unreviewed
CVE-2020-7369 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12500 was published May 24, 2022
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script... Moderate Unreviewed
CVE-2020-26567 was published May 24, 2022
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders... Critical Unreviewed
CVE-2020-24217 was published May 24, 2022
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an... Critical Unreviewed
CVE-2020-12506 was published May 24, 2022
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an... Critical Unreviewed
CVE-2020-12505 was published May 24, 2022
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows... Critical Unreviewed
CVE-2020-15851 was published May 24, 2022
It is possible to enumerate access card credentials via an unauthenticated network connection to... Critical Unreviewed
CVE-2020-16098 was published May 24, 2022
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php ... Moderate Unreviewed
CVE-2020-11579 was published May 24, 2022
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same... High Unreviewed
CVE-2020-24363 was published May 24, 2022
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for... Moderate Unreviewed
CVE-2020-20627 was published May 24, 2022
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port... High Unreviewed
CVE-2020-15483 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database