GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,967
Erlang: 29
GitHub Actions: 16
Go: 1,748
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,075
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
86,716 advisories
** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of...
High
Unreviewed
CVE-2023-39984
was published
Aug 23, 2023
** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall...
High
Unreviewed
CVE-2023-36631
was published
Jun 26, 2023
** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack...
High
Unreviewed
CVE-2023-34942
was published
Jun 12, 2023
PAX Technology PAX A920 Pro PayDroid 8.1 suffers from a Race Condition vulnerability, which allows...
High
Unreviewed
CVE-2023-26980
was published
Apr 14, 2023
DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the...
High
Unreviewed
CVE-2023-24229
was published
Mar 15, 2023
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain...
High
Unreviewed
CVE-2023-27974
was published
Mar 9, 2023
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME...
High
Unreviewed
CVE-2018-25081
was published
Mar 9, 2023
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High
Unreviewed
CVE-2022-37177
was published
Aug 30, 2022
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail...
High
Unreviewed
CVE-2022-35414
was published
Jul 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in...
High
Unreviewed
CVE-2022-24700
was published
Jun 3, 2022
Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an...
High
Unreviewed
CVE-2022-30288
was published
May 6, 2022
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An...
High
Unreviewed
CVE-2020-28885
was published
Jan 29, 2022
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force...
High
Unreviewed
CVE-2021-43396
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet...
High
Unreviewed
CVE-2021-37145
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura...
High
Unreviewed
CVE-2021-25651
was published
May 24, 2022
** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is granted by default to...
High
Unreviewed
CVE-2021-36797
was published
May 24, 2022
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows...
High
Unreviewed
CVE-2020-18169
was published
May 24, 2022
** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings...
High
Unreviewed
CVE-2021-30141
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by...
High
Unreviewed
CVE-2021-28248
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by...
High
Unreviewed
CVE-2021-28250
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by...
High
Unreviewed
CVE-2021-28249
was published
May 24, 2022
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's...
High
Unreviewed
CVE-2020-36325
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform...
High
Unreviewed
CVE-2020-35734
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in...
High
Unreviewed
CVE-2021-26593
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the...
High
Unreviewed
CVE-2021-26594
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.