Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

358 advisories

Loading
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings... High Unreviewed
CVE-2018-10080 was published May 14, 2022
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer... High Unreviewed
CVE-2015-4674 was published May 14, 2022
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it... High Unreviewed
CVE-2016-1493 was published May 14, 2022
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote... Moderate Unreviewed
CVE-2015-0251 was published May 14, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity Moderate
CVE-2015-0259 was published for nova (pip) May 14, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat Moderate
CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607 sunSUNQ
Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An... High Unreviewed
CVE-2018-7932 was published May 13, 2022
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive... High Unreviewed
CVE-2018-6562 was published May 13, 2022
A content spoofing vulnerability in the following components allows to render html pages... Moderate Unreviewed
CVE-2018-2434 was published May 13, 2022
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS)... High Unreviewed
CVE-2018-12333 was published May 13, 2022
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by... High Unreviewed
CVE-2017-9606 was published May 13, 2022
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e... High Unreviewed
CVE-2017-17023 was published May 13, 2022
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to... High Unreviewed
CVE-2017-11178 was published May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for... High Unreviewed
CVE-2017-11130 was published May 13, 2022
Electron vulnerable to URL spoofing via PDFium Moderate
CVE-2017-1000424 was published for Electron (npm) May 13, 2022
jhutchings1
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local... High Unreviewed
CVE-2017-0563 was published May 13, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and... Critical Unreviewed
CVE-2015-3956 was published May 13, 2022
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in... High Unreviewed
CVE-2017-10624 was published May 13, 2022
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software... Moderate Unreviewed
CVE-2017-12740 was published May 13, 2022
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other... Moderate Unreviewed
CVE-2017-1405 was published May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior... High Unreviewed
CVE-2017-3218 was published May 13, 2022
Acronis True Image up to and including version 2017 Build 8053 performs software updates using... High Unreviewed
CVE-2017-3219 was published May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State... High Unreviewed
CVE-2017-3224 was published May 13, 2022
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient... Moderate Unreviewed
CVE-2018-10626 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database