Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

142 advisories

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused... High Unreviewed
CVE-2020-14111 was published Mar 11, 2022
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a... High Unreviewed
CVE-2021-4031 was published Mar 19, 2022
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive... High Unreviewed
CVE-2022-20795 was published Apr 22, 2022
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by... High Unreviewed
CVE-2020-14116 was published Apr 22, 2022
Remote code execution vulnerability due to insufficient verification of URLs, etc. in... High Unreviewed
CVE-2022-41156 was published Nov 25, 2022
Insufficient Verification of input Data leading to arbitrary file download and execute was... High Unreviewed
CVE-2021-26625 was published Apr 20, 2022
Authorized users may install a maliciously modified package file when updating the device via the... High Unreviewed
CVE-2022-26516 was published Apr 21, 2022
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote... High Unreviewed
CVE-2021-21231 was published May 24, 2022
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated,... High Unreviewed
CVE-2021-1403 was published May 24, 2022
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker... High Unreviewed
CVE-2021-31228 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The... High Unreviewed
CVE-2022-32252 was published Jun 15, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep... High Unreviewed
CVE-2017-11379 was published May 17, 2022
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML... High Unreviewed
CVE-2015-5236 was published Jul 8, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause... High Unreviewed
CVE-2022-34763 was published Jul 14, 2022
The recovery module has a vulnerability of bypassing the verification of an update package before... High Unreviewed
CVE-2022-37008 was published Aug 11, 2022
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to... High Unreviewed
CVE-2016-2309 was published May 17, 2022
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom... High Unreviewed
CVE-2022-30269 was published Jul 27, 2022
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and... High Unreviewed
CVE-2014-4936 was published May 17, 2022
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass... High Unreviewed
CVE-2016-3983 was published May 17, 2022
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates... High Unreviewed
CVE-2016-2346 was published May 17, 2022
** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in... High Unreviewed
CVE-2015-2908 was published May 17, 2022
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated... High Unreviewed
CVE-2014-5406 was published May 17, 2022
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002... High Unreviewed
CVE-2019-12504 was published May 24, 2022
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the... High Unreviewed
CVE-2022-20829 was published Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API