GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
237 advisories
Filter by severity
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It...
Moderate
Unreviewed
CVE-2022-27225
was published
Mar 17, 2022
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number...
High
Unreviewed
CVE-2021-44480
was published
Dec 2, 2021
Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an...
High
Unreviewed
CVE-2020-26732
was published
May 24, 2022
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to...
Moderate
Unreviewed
CVE-2022-35860
was published
Oct 19, 2022
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0...
High
Unreviewed
CVE-2021-26100
was published
May 24, 2022
VersionVault Express exposes sensitive information that an attacker can use to impersonate the...
Critical
Unreviewed
CVE-2021-27779
was published
May 26, 2022
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a...
High
Unreviewed
CVE-2021-34825
was published
May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow...
High
Unreviewed
CVE-2022-30237
was published
Jun 3, 2022
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)...
Moderate
Unreviewed
CVE-2020-10941
was published
May 24, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
Moderate
Unreviewed
CVE-2021-27783
was published
May 26, 2022
On systems running Arista EOS and CloudEOS with the affected release version, when using shared...
Moderate
Unreviewed
CVE-2021-28496
was published
May 24, 2022
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have...
Moderate
Unreviewed
CVE-2021-40650
was published
Jun 15, 2022
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed...
Low
Unreviewed
CVE-2020-8173
was published
May 24, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.
Moderate
Unreviewed
CVE-2020-12730
was published
May 24, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a...
Moderate
Unreviewed
CVE-2022-20219
was published
Jul 14, 2022
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and...
High
Unreviewed
CVE-2020-24396
was published
May 24, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre...
Moderate
Unreviewed
CVE-2021-23211
was published
May 24, 2022
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted...
High
Unreviewed
CVE-2019-6169
was published
May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An...
Moderate
Unreviewed
CVE-2019-13922
was published
May 24, 2022
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link...
Moderate
Unreviewed
CVE-2019-14954
was published
May 24, 2022
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through...
Low
Unreviewed
CVE-2019-4398
was published
May 24, 2022
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack...
High
Unreviewed
CVE-2019-18201
was published
May 24, 2022
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05...
Critical
Unreviewed
CVE-2019-17218
was published
May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
Moderate
Unreviewed
CVE-2020-15344
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
Moderate
Unreviewed
CVE-2020-15343
was published
Sep 30, 2022
ProTip!
Advisories are also available from the
GraphQL API