GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,744
Maven
4,969
npm
3,507
NuGet
609
pip
3,065
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
220,677 advisories
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and...
Critical
Unreviewed
CVE-2019-1821
was published
May 24, 2022
The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7...
High
Unreviewed
CVE-2018-14993
was published
May 24, 2022
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART...
High
Unreviewed
CVE-2018-20007
was published
May 24, 2022
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This...
Critical
Unreviewed
CVE-2020-29597
was published
May 24, 2022
Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC...
Moderate
Unreviewed
CVE-2022-41610
was published
May 10, 2023
Buffer Overflow vulnerability in Antirez Kilo before commit...
High
Unreviewed
CVE-2020-20335
was published
Jun 20, 2023
Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerability. Successful...
Moderate
Unreviewed
CVE-2019-7844
was published
May 24, 2022
Recently it was discovered as a part of the research on IoT devices in the most recent firmware...
High
Unreviewed
CVE-2017-10724
was published
May 24, 2022
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM)...
High
Unreviewed
CVE-2019-1911
was published
May 24, 2022
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject...
Moderate
Unreviewed
CVE-2018-20827
was published
May 24, 2022
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.
High
Unreviewed
CVE-2015-9345
was published
May 24, 2022
VMware Tools for Windows (10.x before 10.3.10) update addresses an out of bounds read...
High
Unreviewed
CVE-2019-5522
was published
May 24, 2022
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation
High
Unreviewed
CVE-2012-5617
was published
Apr 23, 2022
Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds...
Moderate
Unreviewed
CVE-2019-10994
was published
May 24, 2022
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by...
Critical
Unreviewed
CVE-2019-15748
was published
May 24, 2022
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats...
High
Unreviewed
CVE-2019-7620
was published
May 24, 2022
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could...
Moderate
Unreviewed
CVE-2023-20756
was published
Jul 4, 2023
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows...
Moderate
Unreviewed
CVE-2023-26579
was published
Oct 25, 2023
In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services...
High
Unreviewed
CVE-2023-45383
was published
Oct 18, 2023
Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability...
Critical
Unreviewed
CVE-2023-39645
was published
Oct 3, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS...
Moderate
Unreviewed
CVE-2023-32498
was published
Aug 23, 2023
The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the...
High
Unreviewed
CVE-2023-39735
was published
Oct 25, 2023
A valid XCC user's local account permissions overrides their active directory permissions under...
High
Unreviewed
CVE-2023-29057
was published
Jul 6, 2023
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 ...
High
Unreviewed
CVE-2023-37935
was published
Oct 10, 2023
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect...
High
Unreviewed
CVE-2023-23897
was published
Jul 10, 2023
ProTip! Advisories are also available from the GraphQL API.