GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,205; Erlang 31; GitHub Actions 19; Go 1,988; Maven 5,000+; npm 3,704; NuGet 661; pip 3,332; Pub 11; RubyGems 884; Rust 845; Swift 36
Unreviewed advisories: All unreviewed 5,000+
61 advisories

python-docutils allows insecure usage of temporary files
Critical | CVE-2009-5042 was published for docutils (pip) | Mar 13, 2020

Workers for local Dask clusters mistakenly listened on public interfaces
Critical | GHSA-hwqr-f3v9-hwxr was published for distributed (pip) | Jul 15, 2022

Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical | CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | May 13, 2022

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (...
Critical | Unreviewed | CVE-2022-32221 was published | Dec 6, 2022

An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers...
Critical | Unreviewed | CVE-2023-45911 was published | Oct 18, 2023

Key management vulnerability on system. Successful exploitation of this vulnerability may affect...
Critical | Unreviewed | CVE-2023-3455 was published | Jul 5, 2023

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically...
Critical | Unreviewed | CVE-2019-19015 was published | May 24, 2022

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated...
Critical | Unreviewed | CVE-2019-1848 was published | May 24, 2022

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection,...
Critical | Unreviewed | CVE-2019-12928 was published | May 24, 2022

** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a...
Critical | Unreviewed | CVE-2021-35958 was published | May 24, 2022

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which...
Critical | Unreviewed | CVE-2019-12929 was published | May 24, 2022

Mondo 2.24 has insecure handling of temporary files.
Critical | Unreviewed | CVE-2007-3915 was published | Apr 21, 2022

An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive...
Critical | Unreviewed | CVE-2023-37621 was published | Feb 1, 2024

CodenameOne Pending Intent vulnerability
Critical | CVE-2022-4903 was published for com.codenameone:codenameone-core (Maven) | Feb 10, 2023

Exposure of Resource to Wrong Sphere in Zip-Local
Critical | CVE-2021-23484 was published for zip-local (npm) | Feb 1, 2022

Exposure of sensitive information in Apache Ozone
Critical | CVE-2021-39231 was published for org.apache.ozone:ozone-main (Maven) | Nov 23, 2021

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when...
Critical | Unreviewed | CVE-2022-25643 was published | Feb 25, 2022

globalpom-utils has Insecure Temporary File
Critical | CVE-2018-25068 was published for com.anrisoftware.globalpom:globalpomutils (Maven) | Jan 6, 2023

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of...
Critical | Unreviewed | CVE-2021-44525 was published | Dec 21, 2021

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g....
Critical | Unreviewed | CVE-2021-44676 was published | Dec 21, 2021

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can...
Critical | Unreviewed | CVE-2022-21817 was published | Feb 8, 2022

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any...
Critical | Unreviewed | CVE-2022-24074 was published | Mar 18, 2022

Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical | CVE-2021-21428 was published for org.openapitools:openapi-generator-online (Maven) | May 11, 2021

An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the...
Critical | Unreviewed | CVE-2020-22647 was published | Mar 16, 2023

ProTip! Advisories are also available from the GraphQL API.