GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
47 advisories
Filter by severity
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (...
Critical
Unreviewed
CVE-2022-32221
was published
Dec 6, 2022
An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers...
Critical
Unreviewed
CVE-2023-45911
was published
Oct 18, 2023
Key management vulnerability on system. Successful exploitation of this vulnerability may affect...
Critical
Unreviewed
CVE-2023-3455
was published
Jul 5, 2023
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically...
Critical
Unreviewed
CVE-2019-19015
was published
May 24, 2022
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated...
Critical
Unreviewed
CVE-2019-1848
was published
May 24, 2022
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection,...
Critical
Unreviewed
CVE-2019-12928
was published
May 24, 2022
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a...
Critical
Unreviewed
CVE-2021-35958
was published
May 24, 2022
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which...
Critical
Unreviewed
CVE-2019-12929
was published
May 24, 2022
Mondo 2.24 has insecure handling of temporary files.
Critical
Unreviewed
CVE-2007-3915
was published
Apr 21, 2022
An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive...
Critical
Unreviewed
CVE-2023-37621
was published
Feb 1, 2024
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when...
Critical
Unreviewed
CVE-2022-25643
was published
Feb 25, 2022
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g....
Critical
Unreviewed
CVE-2021-44676
was published
Dec 21, 2021
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of...
Critical
Unreviewed
CVE-2021-44525
was published
Dec 21, 2021
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can...
Critical
Unreviewed
CVE-2022-21817
was published
Feb 8, 2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any...
Critical
Unreviewed
CVE-2022-24074
was published
Mar 18, 2022
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the...
Critical
Unreviewed
CVE-2020-22647
was published
Mar 16, 2023
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the...
Critical
Unreviewed
CVE-2022-25010
was published
Mar 3, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct...
Critical
Unreviewed
CVE-2021-42640
was published
Feb 9, 2022
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot...
Critical
Unreviewed
CVE-2018-7072
was published
May 13, 2022
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices...
Critical
Unreviewed
CVE-2018-18068
was published
May 13, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and...
Critical
Unreviewed
CVE-2017-18129
was published
May 13, 2022
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server...
Critical
Unreviewed
CVE-2017-12249
was published
May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical
Unreviewed
CVE-2017-16597
was published
May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical
Unreviewed
CVE-2017-16610
was published
May 13, 2022
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated...
Critical
Unreviewed
CVE-2021-44524
was published
Dec 15, 2021
ProTip!
Advisories are also available from the
GraphQL API