GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
166 advisories
** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically...
Moderate | Unreviewed | CVE-2017-14953 was published on May 13, 2022
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score:...
Moderate | Unreviewed | CVE-2017-14012 was published on May 13, 2022
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept...
Moderate | Unreviewed | CVE-2018-1937 was published on May 13, 2022
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept...
Moderate | Unreviewed | CVE-2018-1938 was published on May 13, 2022
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API....
Moderate | Unreviewed | CVE-2018-3826 was published on May 13, 2022
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and...
Moderate | Unreviewed | CVE-2018-8849 was published on May 13, 2022
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All...
Moderate | Unreviewed | CVE-2018-4855 was published on May 13, 2022
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction...
Moderate | Unreviewed | CVE-2019-9862 was published on May 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Moderate | CVE-2022-23116 was published for org.conjur.jenkins:conjur-credentials (Maven) on Jan 13, 2022
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below,...
Moderate | Unreviewed | CVE-2021-36189 was published on Dec 10, 2021
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca...
Moderate | Unreviewed | CVE-2022-3251 was published on Sep 22, 2022
Missing Encryption of Sensitive Data in arrow-kt Arrow
Moderate | CVE-2019-11404 was published for io.arrow-kt:arrow-ank-gradle (Maven) on Apr 22, 2019
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for...
Moderate | Unreviewed | CVE-2017-5042 was published on Apr 30, 2022
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management...
Moderate | Unreviewed | CVE-2022-39014 was published on Sep 14, 2022
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions....
Moderate | Unreviewed | CVE-2021-35236 was published on May 24, 2022
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all...
Moderate | Unreviewed | CVE-2021-22782 was published on May 24, 2022
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android....
Moderate | Unreviewed | CVE-2021-44518 was published on Dec 3, 2021
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information,...
Moderate | Unreviewed | CVE-2019-4471 was published on May 24, 2022
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information...
Moderate | Unreviewed | CVE-2021-20567 was published on May 24, 2022
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may...
Moderate | Unreviewed | CVE-2022-38194 was published on Aug 17, 2022
IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or...
Moderate | Unreviewed | CVE-2020-4597 was published on May 24, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance...
Moderate | Unreviewed | CVE-2020-29024 was published on May 24, 2022
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption...
Moderate | Unreviewed | CVE-2020-8150 was published on May 24, 2022
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
Moderate | Unreviewed | CVE-2020-35658 was published on May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all...
Moderate | Unreviewed | CVE-2020-7567 was published on May 24, 2022