GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
143 advisories
Configuration and database backup archives are not signed or validated in Trend Micro Deep...
High | Unreviewed | CVE-2017-11379 was published May 17, 2022
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and...
High | Unreviewed | CVE-2014-2718 was published May 17, 2022
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific...
High | Unreviewed | CVE-2017-14091 was published May 14, 2022
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module...
High | Unreviewed | CVE-2014-8165 was published May 14, 2022
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings...
High | Unreviewed | CVE-2018-10080 was published May 14, 2022
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer...
High | Unreviewed | CVE-2015-4674 was published May 14, 2022
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it...
High | Unreviewed | CVE-2016-1493 was published May 14, 2022
Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An...
High | Unreviewed | CVE-2018-7932 was published May 13, 2022
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive...
High | Unreviewed | CVE-2018-6562 was published May 13, 2022
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS)...
High | Unreviewed | CVE-2018-12333 was published May 13, 2022
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by...
High | Unreviewed | CVE-2017-9606 was published May 13, 2022
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e...
High | Unreviewed | CVE-2017-17023 was published May 13, 2022
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to...
High | Unreviewed | CVE-2017-11178 was published May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for...
High | Unreviewed | CVE-2017-11130 was published May 13, 2022
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local...
High | Unreviewed | CVE-2017-0563 was published May 13, 2022
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in...
High | Unreviewed | CVE-2017-10624 was published May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability
High | CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Acronis True Image up to and including version 2017 Build 8053 performs software updates using...
High | Unreviewed | CVE-2017-3219 was published May 13, 2022
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior...
High | Unreviewed | CVE-2017-3218 was published May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State...
High | Unreviewed | CVE-2017-3224 was published May 13, 2022
Nimbus JOSE+JWT missing overflow check
High | CVE-2017-12972 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for...
High | Unreviewed | CVE-2015-7539 was published May 13, 2022
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin...
High | Unreviewed | CVE-2016-4554 was published May 13, 2022
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host...
High | Unreviewed | CVE-2016-4553 was published May 13, 2022
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks...
High | Unreviewed | CVE-2017-11103 was published May 13, 2022