GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
138 advisories
Filter by severity
This external control of file name or path vulnerability allows remote attackers to access or...
High
Unreviewed
CVE-2019-7195
was published
May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or...
High
Unreviewed
CVE-2019-7194
was published
May 24, 2022
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to...
Moderate
Unreviewed
CVE-2019-18202
was published
May 24, 2022
In the Package Manager service, there is a possible information disclosure due to a confused...
Low
Unreviewed
CVE-2019-9438
was published
May 24, 2022
In AOSP Email, there is a possible information disclosure due to a confused deputy. This could...
Low
Unreviewed
CVE-2019-9440
was published
May 24, 2022
In the Activity Manager service, there is a possible information disclosure due to a confused...
Low
Unreviewed
CVE-2019-9292
was published
May 24, 2022
Shopware XXE Vulnerability
Moderate
CVE-2017-18357
was published
for
shopware/shopware
(Composer)
May 14, 2022
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the...
High
Unreviewed
CVE-2018-9582
was published
May 13, 2022
Manually dragging and dropping an Outlook email message into the browser will trigger a page...
Moderate
Unreviewed
CVE-2018-12381
was published
May 13, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be...
Moderate
Unreviewed
CVE-2017-15269
was published
May 13, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,...
Moderate
Unreviewed
CVE-2017-0211
was published
May 13, 2022
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below,...
High
Unreviewed
CVE-2021-43066
was published
May 12, 2022
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified...
High
Unreviewed
CVE-2022-20789
was published
Apr 22, 2022
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to...
Moderate
Unreviewed
CVE-2021-39765
was published
Mar 31, 2022
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could...
High
Unreviewed
CVE-2021-39787
was published
Mar 31, 2022
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to...
High
Unreviewed
CVE-2021-39703
was published
Mar 17, 2022
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call...
High
Unreviewed
CVE-2021-39707
was published
Mar 17, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate
Unreviewed
CVE-2022-0377
was published
Mar 1, 2022
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused...
High
Unreviewed
CVE-2021-39668
was published
Feb 12, 2022
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a...
High
Unreviewed
CVE-2021-39663
was published
Feb 12, 2022
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to...
High
Unreviewed
CVE-2021-1035
was published
Jan 15, 2022
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due...
High
Unreviewed
CVE-2021-39626
was published
Jan 15, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path
High
Unreviewed
CVE-2021-3845
was published
Jan 5, 2022
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful...
Moderate
Unreviewed
CVE-2021-37112
was published
Jan 4, 2022
Password vault has a External Control of System or Configuration Setting vulnerability.Successful...
High
Unreviewed
CVE-2021-39971
was published
Jan 4, 2022
ProTip!
Advisories are also available from the
GraphQL API