Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
Electron webPreferences vulnerability can be used to perform remote code execution High
CVE-2018-15685 was published for electron (npm) Aug 23, 2018
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins Critical
CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Insecure defaults in UmbracoForms High
CVE-2020-7685 was published for UmbracoForms (NuGet) Jul 29, 2020
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Arbitrary Code Execution in grunt High
CVE-2020-7729 was published for grunt (npm) May 6, 2021
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows... Moderate Unreviewed
CVE-2021-35535 was published Nov 19, 2021
In miniadb, there is a possible way to get read/write access to recovery system properties due to... High Unreviewed
CVE-2021-39767 was published Mar 31, 2022
makepasswd 1.10 default settings generate insecure passwords Moderate Unreviewed
CVE-2010-2247 was published Apr 21, 2022
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default... Critical Unreviewed
CVE-2022-24706 was published Apr 27, 2022
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a... Moderate Unreviewed
CVE-2018-10989 was published May 13, 2022
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in... Critical Unreviewed
CVE-2017-5178 was published May 13, 2022
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running... Critical Unreviewed
CVE-2017-3834 was published May 13, 2022
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store... High Unreviewed
CVE-2019-3783 was published May 13, 2022
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker... High Unreviewed
CVE-2018-0263 was published May 13, 2022
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this... High Unreviewed
CVE-2018-17485 was published May 13, 2022
eVisitorPass contains default administrative credentials. An attacker could exploit this... High Unreviewed
CVE-2018-17497 was published May 13, 2022
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a... Critical Unreviewed
CVE-2018-19275 was published May 13, 2022
In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings... High Unreviewed
CVE-2019-1994 was published May 13, 2022
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change... Critical Unreviewed
CVE-2019-3909 was published May 13, 2022
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability... Critical Unreviewed
CVE-2017-8021 was published May 13, 2022
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used... Moderate Unreviewed
CVE-2018-3825 was published May 13, 2022
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that... High Unreviewed
CVE-2018-1524 was published May 13, 2022
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify... High Unreviewed
CVE-2018-10605 was published May 13, 2022
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic... Critical Unreviewed
CVE-2018-0130 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API