Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

267 advisories

Loading
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified... Moderate Unreviewed
CVE-2022-20752 was published Jul 7, 2022
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by... Moderate Unreviewed
CVE-2022-32425 was published Jul 15, 2022
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue... Moderate Unreviewed
CVE-2022-4543 was published Jan 11, 2023
In AppOpsService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20291 was published Aug 13, 2022
In Content, there is a possible way to determinate the user's account due to side channel... Moderate Unreviewed
CVE-2022-20304 was published Aug 13, 2022
In LauncherApps, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20293 was published Aug 13, 2022
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is... Moderate Unreviewed
CVE-2022-20538 was published Dec 19, 2022
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread... Moderate Unreviewed
CVE-2022-45416 was published Dec 22, 2022
Service Workers should not be able to infer information about opaque cross-origin responses; but... Moderate Unreviewed
CVE-2022-45403 was published Dec 22, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Moderate Unreviewed
CVE-2022-24043 was published May 21, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers... Moderate Unreviewed
CVE-2019-13383 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers... Moderate Unreviewed
CVE-2019-13599 was published May 24, 2022
Search Guard versions before 21.0 had an timing side channel issue when using the internal user... Moderate Unreviewed
CVE-2019-13420 was published May 24, 2022
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached ... Moderate Unreviewed
CVE-2019-11465 was published May 24, 2022
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password... Moderate Unreviewed
CVE-2019-16394 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1... Moderate Unreviewed
CVE-2019-3732 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions... Moderate Unreviewed
CVE-2019-3731 was published May 24, 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.... Moderate Unreviewed
CVE-2019-16516 was published May 24, 2022
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote... Moderate Unreviewed
CVE-2020-6400 was published May 24, 2022
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the... Moderate Unreviewed
CVE-2019-5135 was published May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing... Moderate Unreviewed
CVE-2020-11713 was published May 24, 2022
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response... Moderate Unreviewed
CVE-2020-13413 was published May 24, 2022
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access... Moderate Unreviewed
CVE-2022-46392 was published Dec 16, 2022
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an... Moderate Unreviewed
CVE-2020-14145 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API