Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,082
Maven
5,000+
npm
3,747
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2018-1683 was published May 13, 2022
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or... High Unreviewed
CVE-2017-17763 was published May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text High
CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) May 13, 2022
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by... High Unreviewed
CVE-2019-6518 was published May 13, 2022
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were... High Unreviewed
CVE-2017-12817 was published May 13, 2022
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted... High Unreviewed
CVE-2017-7729 was published May 13, 2022
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone... High Unreviewed
CVE-2022-29945 was published Apr 30, 2022
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to... High Unreviewed
CVE-2011-3355 was published Apr 22, 2022
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its... High Unreviewed
CVE-2021-33020 was published Apr 3, 2022
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including... High Unreviewed
CVE-2020-9058 was published Jan 11, 2022
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption,... High Unreviewed
CVE-2020-9057 was published Jan 11, 2022
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This... High Unreviewed
CVE-2021-40148 was published Jan 5, 2022
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the... High Unreviewed
CVE-2021-37189 was published Dec 11, 2021
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37050 was published Dec 9, 2021
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number... High Unreviewed
CVE-2021-44480 was published Dec 2, 2021
Missing encryption in Apache Directory Studio High
CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
Downloads Resources over HTTP in pm2-kafka High
CVE-2016-10693 was published for pm2-kafka (npm) Sep 1, 2020
Downloads Resources over HTTP in npm-test-sqlite3-trunk High
CVE-2016-10695 was published for npm-test-sqlite3-trunk (npm) Sep 1, 2020
Downloads Resources over HTTP in windows-latestchromedriver High
CVE-2016-10696 was published for windows-latestchromedriver (npm) Sep 1, 2020
Downloads Resources over HTTP in roslib-socketio High
CVE-2016-10681 was published for roslib-socketio (npm) Sep 1, 2020
gfe-sass downloads Resources over HTTP High
CVE-2017-16040 was published for gfe-sass (npm) Sep 1, 2020
windows-selenium-chromedriver downloads Resources over HTTP High
CVE-2016-10687 was published for windows-selenium-chromedriver (npm) Sep 1, 2020
Downloads Resources over HTTP in node-air-sdk High
CVE-2016-10647 was published for node-air-sdk (npm) Sep 1, 2020
frames-compiler downloads Resources over HTTP High
CVE-2016-10649 was published for frames-compiler (npm) Sep 1, 2020
Downloads Resources over HTTP in apk-parser3 High
CVE-2016-10574 was published for apk-parser3 (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database