Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

220 advisories

Loading
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file ... Critical Unreviewed
CVE-2022-26479 was published Jul 18, 2022
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17.... Critical Unreviewed
CVE-2022-35890 was published Jul 16, 2022
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created... Critical Unreviewed
CVE-2022-32294 was published Jul 12, 2022
On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI... Critical Unreviewed
CVE-2022-32295 was published Jul 2, 2022
Depending on the configuration of the route permission table in file 'saprouttab', it is possible... Critical Unreviewed
CVE-2022-27668 was published Jun 15, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30308 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30311 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30310 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30309 was published Jun 14, 2022
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an... Critical Unreviewed
CVE-2022-25237 was published Jun 3, 2022
An access control issue in Linglong v1.0 allows attackers to access the background of the... Critical Unreviewed
CVE-2022-29633 was published May 27, 2022
TrueStack Direct Connect 1.4.7 has Incorrect Access Control. Critical Unreviewed
CVE-2022-23775 was published May 26, 2022
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file... Critical Unreviewed
CVE-2021-42002 was published May 24, 2022
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth,... Critical Unreviewed
CVE-2021-42837 was published May 24, 2022
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is... Critical Unreviewed
CVE-2021-35368 was published May 24, 2022
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability... Critical Unreviewed
CVE-2021-20136 was published May 24, 2022
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that... Critical Unreviewed
CVE-2021-3705 was published May 24, 2022
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and... Critical Unreviewed
CVE-2021-41873 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... Critical Unreviewed
CVE-2021-38454 was published May 24, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password... Critical Unreviewed
CVE-2021-3833 was published May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41592 was published May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41591 was published May 24, 2022
There is a flaw in the code used to configure the internal gateway firewall when the gateway's... Critical Unreviewed
CVE-2020-12030 was published May 24, 2022
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed... Critical Unreviewed
CVE-2021-35943 was published May 24, 2022
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the... Critical Unreviewed
CVE-2020-21124 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database