GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
61 advisories
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection,...
Critical. Unreviewed. CVE-2019-12928 was published May 24, 2022.

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated...
Critical. Unreviewed. CVE-2019-1848 was published May 24, 2022.

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all...
Critical. Unreviewed. CVE-2018-7846 was published May 24, 2022.

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS...
Critical. Unreviewed. CVE-2022-1467 was published May 24, 2022.

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot...
Critical. Unreviewed. CVE-2018-7072 was published May 13, 2022.

The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices...
Critical. Unreviewed. CVE-2018-18068 was published May 13, 2022.

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and...
Critical. Unreviewed. CVE-2017-18129 was published May 13, 2022.

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server...
Critical. Unreviewed. CVE-2017-12249 was published May 13, 2022.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical. Unreviewed. CVE-2017-16597 was published May 13, 2022.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical. Unreviewed. CVE-2017-16610 was published May 13, 2022.

Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical. CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022.

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead...
Critical. Unreviewed. CVE-2021-42001 was published May 3, 2022.

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log...
Critical. Unreviewed. CVE-2022-27332 was published Apr 28, 2022.

Mondo 2.24 has insecure handling of temporary files.
Critical. Unreviewed. CVE-2007-3915 was published Apr 21, 2022.

Insecure temporary file usage in SWHKD
Critical. CVE-2022-27818 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022.

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not...
Critical. Unreviewed. CVE-2022-27919 was published Mar 26, 2022.

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any...
Critical. Unreviewed. CVE-2022-24074 was published Mar 18, 2022.

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the...
Critical. Unreviewed. CVE-2022-25010 was published Mar 3, 2022.

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when...
Critical. Unreviewed. CVE-2022-25643 was published Feb 25, 2022.

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator...
Critical. Unreviewed. CVE-2022-25236 was published Feb 17, 2022.

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct...
Critical. Unreviewed. CVE-2021-42640 was published Feb 9, 2022.

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can...
Critical. Unreviewed. CVE-2022-21817 was published Feb 8, 2022.

Exposure of Resource to Wrong Sphere in Zip-Local
Critical. CVE-2021-23484 was published for zip-local (npm) Feb 1, 2022.

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g....
Critical. Unreviewed. CVE-2021-44676 was published Dec 21, 2021.

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of...
Critical. Unreviewed. CVE-2021-44525 was published Dec 21, 2021.