GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,632
Composer 4,226
Erlang 31
GitHub Actions 19
Go 1,991
Maven 5,177
npm 3,708
NuGet 661
pip 3,341
Pub 11
RubyGems 884
Rust 846
Swift 36

Unreviewed advisories

All unreviewed 234,549

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

266 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the... Moderate Unreviewed

CVE-2019-8921 was published Nov 30, 2021

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface... High Unreviewed

CVE-2021-26103 was published Dec 9, 2021

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and... Critical Unreviewed

CVE-2020-7878 was published Dec 29, 2021

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does... Critical Unreviewed

CVE-2021-36751 was published Jan 3, 2022

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate... Moderate Unreviewed

CVE-2020-10137 was published Jan 11, 2022

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an... Critical Unreviewed

CVE-2022-22994 was published Jan 29, 2022

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient... Moderate Unreviewed

CVE-2022-22567 was published Feb 10, 2022

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to... Moderate Unreviewed

CVE-2021-24825 was published Mar 8, 2022

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to... Critical Unreviewed

CVE-2022-0715 was published Mar 10, 2022

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused... High Unreviewed

CVE-2020-14111 was published Mar 11, 2022

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused... Critical Unreviewed

CVE-2020-14115 was published Mar 11, 2022

Syltek application before its 10.22.00 version, does not correctly check that a product ID has a... High Unreviewed

CVE-2021-4031 was published Mar 19, 2022

Insufficient Verification of input Data leading to arbitrary file download and execute was... High Unreviewed

CVE-2021-26625 was published Apr 20, 2022

Authorized users may install a maliciously modified package file when updating the device via the... High Unreviewed

CVE-2022-26516 was published Apr 21, 2022

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive... High Unreviewed

CVE-2022-20795 was published Apr 22, 2022

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to... Moderate Unreviewed

CVE-2020-14122 was published Apr 22, 2022

An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by... High Unreviewed

CVE-2020-14116 was published Apr 22, 2022

This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed

CVE-2021-27759 was published May 7, 2022

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed

CVE-2021-26368 was published May 13, 2022

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed

CVE-2018-7798 was published May 13, 2022

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed

CVE-2019-1000012 was published May 13, 2022

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before... Critical Unreviewed

CVE-2015-6854 was published May 13, 2022

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3... Critical Unreviewed

CVE-2015-6853 was published May 13, 2022

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed

CVE-2014-0364 was published May 13, 2022

IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed

CVE-2016-3016 was published May 13, 2022

Previous 1 2 3 4 5 … 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

266 advisories