GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,428 advisories
Missing permission check in Jenkins Netsparker Cloud Scan Plugin
Moderate | CVE-2019-10290 was published for org.jenkins-ci.plugins:netsparker-cloud-scan (Maven) May 13, 2022

It was found that the superexec operator was available in the internal dictionary in ghostscript...
Moderate | Unreviewed | CVE-2019-3835 was published May 13, 2022

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is...
High | Unreviewed | CVE-2019-3879 was published May 13, 2022

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization,...
High | Unreviewed | CVE-2015-8840 was published May 13, 2022

In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for....
Moderate | Unreviewed | CVE-2019-9482 was published May 13, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate | Unreviewed | CVE-2019-9171 was published May 13, 2022

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config...
Critical | Unreviewed | CVE-2019-9002 was published May 13, 2022

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google...
High | Unreviewed | CVE-2019-5774 was published May 13, 2022

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03;...
High | Unreviewed | CVE-2018-2484 was published May 13, 2022

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access...
High | Unreviewed | CVE-2018-2503 was published May 13, 2022

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by...
High | Unreviewed | CVE-2017-9036 was published May 13, 2022

Missing Authorization in Apache ZooKeeper
High | CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission...
Moderate | Unreviewed | CVE-2019-3886 was published May 13, 2022

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's...
High | Unreviewed | CVE-2018-7792 was published May 13, 2022

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote...
Moderate | Unreviewed | CVE-2012-4245 was published May 13, 2022

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus...
High | Unreviewed | CVE-2019-9924 was published May 13, 2022

An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical | Unreviewed | CVE-2018-4059 was published May 13, 2022

A backdoor vulnerability exists in remote control functionality of Circle with Disney running...
Moderate | Unreviewed | CVE-2017-12084 was published May 13, 2022

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary...
High | Unreviewed | CVE-2022-29611 was published May 12, 2022

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper...
High | Unreviewed | CVE-2022-1442 was published May 11, 2022

In getArray of NotificationManagerService.java, there is a possible leak of one user...
Moderate | Unreviewed | CVE-2022-20011 was published May 11, 2022

In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base...
Moderate | Unreviewed | CVE-2022-20115 was published May 11, 2022

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing...
High | Unreviewed | CVE-2021-39738 was published May 11, 2022

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing...
Moderate | Unreviewed | CVE-2022-20121 was published May 11, 2022

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain...
Moderate | Unreviewed | CVE-2022-22481 was published May 10, 2022

ProTip! Advisories are also available from the GraphQL API