Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,776 advisories

Loading
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a... Low Unreviewed
CVE-2018-20944 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval... Low Unreviewed
CVE-2018-20940 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive... Low Unreviewed
CVE-2018-20946 was published May 24, 2022
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval... Low Unreviewed
CVE-2018-20942 was published May 24, 2022
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC... Low Unreviewed
CVE-2017-18384 was published May 24, 2022
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable... Low Unreviewed
CVE-2017-18391 was published May 24, 2022
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). Low Unreviewed
CVE-2017-18397 was published May 24, 2022
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple... Low Unreviewed
CVE-2017-18392 was published May 24, 2022
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of... Low Unreviewed
CVE-2017-18412 was published May 24, 2022
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC... Low Unreviewed
CVE-2017-18422 was published May 24, 2022
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). Low Unreviewed
CVE-2017-18421 was published May 24, 2022
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). Low Unreviewed
CVE-2017-18423 was published May 24, 2022
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable... Low Unreviewed
CVE-2017-18424 was published May 24, 2022
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). Low Unreviewed
CVE-2017-18425 was published May 24, 2022
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log... Low Unreviewed
CVE-2017-18428 was published May 24, 2022
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). Low Unreviewed
CVE-2017-18427 was published May 24, 2022
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account... Low Unreviewed
CVE-2017-18429 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call ... Low Unreviewed
CVE-2017-18436 was published May 24, 2022
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). Low Unreviewed
CVE-2017-18458 was published May 24, 2022
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang... Low Unreviewed
CVE-2016-10772 was published May 24, 2022
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). Low Unreviewed
CVE-2016-10796 was published May 24, 2022
In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating... Low Unreviewed
CVE-2019-10988 was published May 24, 2022
In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE... Low Unreviewed
CVE-2018-9581 was published May 24, 2022
In the proc filesystem, there is a possible information disclosure due to log information... Low Unreviewed
CVE-2019-9277 was published May 24, 2022
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate... Low Unreviewed
CVE-2019-9351 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API