GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
350 advisories
Filter by severity
Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers...
Moderate
Unreviewed
CVE-2022-30111
was published
May 19, 2022
A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual...
High
Unreviewed
CVE-2019-1706
was published
May 24, 2022
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized,...
Moderate
Unreviewed
CVE-2019-11323
was published
May 24, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2019-4156
was published
May 24, 2022
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor...
Moderate
Unreviewed
CVE-2019-9836
was published
May 24, 2022
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71...
High
Unreviewed
CVE-2019-12171
was published
May 24, 2022
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U...
Moderate
Unreviewed
CVE-2019-13604
was published
May 24, 2022
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All...
Moderate
Unreviewed
CVE-2019-10929
was published
May 24, 2022
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low...
High
Unreviewed
CVE-2019-9506
was published
May 24, 2022
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS...
High
Unreviewed
CVE-2019-9013
was published
May 24, 2022
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to...
High
Unreviewed
CVE-2019-12621
was published
May 24, 2022
An exploitable information disclosure vulnerability exists in the Weave PASE pairing...
Critical
Unreviewed
CVE-2019-5035
was published
May 24, 2022
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses...
Moderate
Unreviewed
CVE-2018-18371
was published
May 24, 2022
An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple...
Moderate
Unreviewed
CVE-2019-15955
was published
May 24, 2022
In situations where an attacker receives automated notification of the success or failure of a...
Moderate
Unreviewed
CVE-2019-1563
was published
May 24, 2022
Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon...
High
Unreviewed
CVE-2019-10492
was published
May 24, 2022
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage...
High
Unreviewed
CVE-2019-3736
was published
May 24, 2022
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in...
Moderate
Unreviewed
CVE-2019-16116
was published
May 24, 2022
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This...
Moderate
Unreviewed
CVE-2019-13629
was published
May 24, 2022
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used...
Moderate
Unreviewed
CVE-2018-5745
was published
May 24, 2022
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture...
Moderate
Unreviewed
CVE-2019-11341
was published
May 24, 2022
Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 2019.012.20035 and earlier versions...
High
Unreviewed
CVE-2019-8237
was published
May 24, 2022
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected...
High
Unreviewed
CVE-2019-4399
was published
May 24, 2022
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential...
Moderate
Unreviewed
CVE-2019-18659
was published
May 24, 2022
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the...
Moderate
Unreviewed
CVE-2019-16863
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API