Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,086
Maven
5,000+
npm
3,747
NuGet
674
pip
3,436
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

166 advisories

Loading
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Moderate Unreviewed
CVE-2020-15344 was published Sep 30, 2022
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link... Moderate Unreviewed
CVE-2019-14954 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An... Moderate Unreviewed
CVE-2019-13922 was published May 24, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed
CVE-2021-23211 was published May 24, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed
CVE-2022-20219 was published Jul 14, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed
CVE-2020-12730 was published May 24, 2022
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed
CVE-2021-40650 was published Jun 15, 2022
On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed
CVE-2021-28496 was published May 24, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed
CVE-2021-27783 was published May 26, 2022
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)... Moderate Unreviewed
CVE-2020-10941 was published May 24, 2022
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to... Moderate Unreviewed
CVE-2022-35860 was published Oct 19, 2022
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It... Moderate Unreviewed
CVE-2022-27225 was published Mar 17, 2022
Downloads Resources over HTTP in adamvr-geoip-lite Moderate
CVE-2016-10680 was published for adamvr-geoip-lite (npm) Sep 1, 2020
Downloads Resources over HTTP in arcanist Moderate
CVE-2016-10683 was published for arcanist (npm) Feb 18, 2019
Downloads Resources over HTTP in jser-stat Moderate
CVE-2016-10592 was published for jser-stat (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database