GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,017
Maven
5,000+
npm
3,722
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
322 advisories
Filter by severity
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with...
High
Unreviewed
CVE-2022-42276
was published
Jan 13, 2023
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private...
High
Unreviewed
CVE-2022-46463
was published
Jan 13, 2023
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any...
High
Unreviewed
CVE-2022-24396
was published
Mar 11, 2022
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune...
High
Unreviewed
CVE-2021-33658
was published
Mar 12, 2022
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows...
High
Unreviewed
CVE-2022-25250
was published
Mar 17, 2022
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6...
High
Unreviewed
CVE-2021-44260
was published
Mar 18, 2022
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which...
High
Unreviewed
CVE-2021-44262
was published
Mar 18, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an...
High
Unreviewed
CVE-2022-25008
was published
Apr 1, 2022
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing...
High
Unreviewed
CVE-2020-27376
was published
Apr 8, 2022
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior...
High
Unreviewed
CVE-2021-25094
was published
Apr 26, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
High
Unreviewed
CVE-2020-15336
was published
May 24, 2022
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of...
High
Unreviewed
CVE-2019-5163
was published
May 24, 2022
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality...
High
Unreviewed
CVE-2022-26043
was published
May 26, 2022
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles...
High
Unreviewed
CVE-2022-26067
was published
May 26, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
High
Unreviewed
CVE-2020-15335
was published
May 24, 2022
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can...
High
Unreviewed
CVE-2020-21996
was published
May 24, 2022
A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of...
High
Unreviewed
CVE-2022-26026
was published
May 26, 2022
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console....
High
Unreviewed
CVE-2022-29402
was published
May 26, 2022
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) ...
High
Unreviewed
CVE-2020-15799
was published
May 24, 2022
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer...
High
Unreviewed
CVE-2020-7389
was published
May 24, 2022
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal...
High
Unreviewed
CVE-2021-20990
was published
May 24, 2022
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access...
High
Unreviewed
CVE-2020-15078
was published
May 24, 2022
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access...
High
Unreviewed
CVE-2020-17517
was published
May 24, 2022
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of...
High
Unreviewed
CVE-2022-32157
was published
Jun 16, 2022
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat...
High
Unreviewed
CVE-2017-4055
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API