GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,980
Erlang: 29
GitHub Actions: 16
Go: 1,769
Maven: 4,994
npm: 3,540
NuGet: 616
pip: 3,113
Pub: 10
RubyGems: 838
Rust: 787
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
267 advisories
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified...
Moderate, Unreviewed: CVE-2022-20752 was published Jul 7, 2022

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by...
Moderate, Unreviewed: CVE-2022-32425 was published Jul 15, 2022

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue...
Moderate, Unreviewed: CVE-2022-4543 was published Jan 11, 2023

In AppOpsService, there is a possible way to determine whether an app is installed, without query...
Moderate, Unreviewed: CVE-2022-20291 was published Aug 13, 2022

In Content, there is a possible way to determine the user's account due to side channel...
Moderate, Unreviewed: CVE-2022-20304 was published Aug 13, 2022

In LauncherApps, there is a possible way to determine whether an app is installed, without query...
Moderate, Unreviewed: CVE-2022-20293 was published Aug 13, 2022

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is...
Moderate, Unreviewed: CVE-2022-20538 was published Dec 19, 2022

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread...
Moderate, Unreviewed: CVE-2022-45416 was published Dec 22, 2022

Service Workers should not be able to infer information about opaque cross-origin responses; but...
Moderate, Unreviewed: CVE-2022-45403 was published Dec 22, 2022

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Moderate, Unreviewed: CVE-2022-24043 was published May 21, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers...
Moderate, Unreviewed: CVE-2019-13383 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers...
Moderate, Unreviewed: CVE-2019-13599 was published May 24, 2022

Search Guard versions before 21.0 had a timing side channel issue when using the internal user...
Moderate, Unreviewed: CVE-2019-13420 was published May 24, 2022

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached ...
Moderate, Unreviewed: CVE-2019-11465 was published May 24, 2022

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password...
Moderate, Unreviewed: CVE-2019-16394 was published May 24, 2022

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1...
Moderate, Unreviewed: CVE-2019-3732 was published May 24, 2022

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions...
Moderate, Unreviewed: CVE-2019-3731 was published May 24, 2022

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185....
Moderate, Unreviewed: CVE-2019-16516 was published May 24, 2022

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote...
Moderate, Unreviewed: CVE-2020-6400 was published May 24, 2022

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the...
Moderate, Unreviewed: CVE-2019-5135 was published May 24, 2022

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing...
Moderate, Unreviewed: CVE-2020-11713 was published May 24, 2022

** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate, Unreviewed: CVE-2020-13998 was published May 24, 2022

An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response...
Moderate, Unreviewed: CVE-2020-13413 was published May 24, 2022

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access...
Moderate, Unreviewed: CVE-2022-46392 was published Dec 16, 2022

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an...
Moderate, Unreviewed: CVE-2020-14145 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.