Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

418 advisories

Loading
Unprotected dynamically loaded chunks Low
CVE-2020-15262 was published for webpack-subresource-integrity (npm) Oct 19, 2020
User content sandbox can be confused into opening arbitrary documents Low
CVE-2021-21320 was published for matrix-react-sdk (npm) Mar 3, 2021
keerok
Insufficient Verification of Data Authenticity in Eclipse Theia High
CVE-2019-17636 was published for @theia/mini-browser (npm) Apr 13, 2021
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Moderate Unreviewed
CVE-2018-17938 was published May 13, 2022
Denial of Service in SheetJS Pro Moderate
CVE-2021-32014 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. Critical Unreviewed
CVE-2018-19971 was published May 13, 2022
Improperly Implemented path matching for in-toto-golang Moderate
CVE-2021-41087 was published for github.com/in-toto/in-toto-golang (Go) Sep 22, 2021
pxp928
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV... High Unreviewed
CVE-2019-0805 was published May 13, 2022
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface... High Unreviewed
CVE-2021-26103 was published Dec 9, 2021
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the... High Unreviewed
CVE-2019-7323 was published May 13, 2022
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host... High Unreviewed
CVE-2016-4553 was published May 13, 2022
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin... High Unreviewed
CVE-2016-4554 was published May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State... High Unreviewed
CVE-2017-3224 was published May 13, 2022
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in... High Unreviewed
CVE-2017-10624 was published May 13, 2022
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity.... High Unreviewed
CVE-2022-30262 was published Aug 18, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and... Critical Unreviewed
CVE-2015-3956 was published May 13, 2022
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other... Moderate Unreviewed
CVE-2017-1405 was published May 13, 2022
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local... High Unreviewed
CVE-2017-0563 was published May 13, 2022
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to... High Unreviewed
CVE-2017-11178 was published May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for... High Unreviewed
CVE-2017-11130 was published May 13, 2022
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e... High Unreviewed
CVE-2017-17023 was published May 13, 2022
An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional... Moderate Unreviewed
CVE-2020-9885 was published May 24, 2022
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by... High Unreviewed
CVE-2017-9606 was published May 13, 2022
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS)... High Unreviewed
CVE-2018-12333 was published May 13, 2022
A content spoofing vulnerability in the following components allows to render html pages... Moderate Unreviewed
CVE-2018-2434 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database