Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

223 advisories

Loading
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of... Moderate Unreviewed
CVE-2018-15466 was published May 13, 2022
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation... Moderate Unreviewed
CVE-2011-3055 was published May 13, 2022
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to... Moderate Unreviewed
CVE-2018-1757 was published May 13, 2022
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and... Moderate Unreviewed
CVE-2019-6538 was published May 13, 2022
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for... Moderate Unreviewed
CVE-2014-2590 was published May 13, 2022
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and... Moderate Unreviewed
CVE-2022-0424 was published May 10, 2022
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to... Moderate Unreviewed
CVE-2022-27495 was published May 6, 2022
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in... Moderate Unreviewed
CVE-2012-2736 was published Apr 23, 2022
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry... Moderate Unreviewed
CVE-2022-0140 was published Apr 13, 2022
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging.... Moderate Unreviewed
CVE-2022-0878 was published Apr 13, 2022
Sensitive information can be obtained through the handling of serialized data. The issue results... Moderate Unreviewed
CVE-2020-14479 was published Apr 3, 2022
The software does not perform any authentication for critical system functionality. Moderate Unreviewed
CVE-2022-0922 was published Apr 3, 2022
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not... Moderate Unreviewed
CVE-2021-46006 was published Apr 1, 2022
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13,... Moderate Unreviewed
CVE-2021-44261 was published Mar 18, 2022
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily... Moderate Unreviewed
CVE-2022-0188 was published Feb 15, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow... Moderate Unreviewed
CVE-2022-22809 was published Feb 11, 2022
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have... Moderate Unreviewed
CVE-2022-24111 was published Feb 11, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a... Moderate Unreviewed
CVE-2022-21816 was published Feb 8, 2022
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All... Moderate Unreviewed
CVE-2021-26264 was published Jan 29, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2021-34870 was published Jan 26, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent... Moderate Unreviewed
CVE-2021-20152 was published Dec 31, 2021
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check.... Moderate Unreviewed
CVE-2021-1011 was published Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database