GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,138
Composer 4,333
Erlang 31
GitHub Actions 21
Go 2,094
Maven 5,263
npm 3,759
NuGet 678
pip 3,445
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,311

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

453 advisories

Filter by severity

Sort by

Least recently updated

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0... High Unreviewed

CVE-2021-26100 was published May 24, 2022

VersionVault Express exposes sensitive information that an attacker can use to impersonate the... Critical Unreviewed

CVE-2021-27779 was published May 26, 2022

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a... High Unreviewed

CVE-2021-34825 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow... High Unreviewed

CVE-2022-30237 was published Jun 3, 2022

Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)... Moderate Unreviewed

CVE-2020-10941 was published May 24, 2022

User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed

CVE-2021-27783 was published May 26, 2022

On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed

CVE-2021-28496 was published May 24, 2022

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed

CVE-2021-40650 was published Jun 15, 2022

Insecure cookies in Openshift Origin Moderate

CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed... Low Unreviewed

CVE-2020-8173 was published May 24, 2022

MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed

CVE-2020-12730 was published May 24, 2022

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed

CVE-2022-20219 was published Jul 14, 2022

homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and... High Unreviewed

CVE-2020-24396 was published May 24, 2022

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed

CVE-2021-23211 was published May 24, 2022

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted... High Unreviewed

CVE-2019-6169 was published May 24, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An... Moderate Unreviewed

CVE-2019-13922 was published May 24, 2022

JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link... Moderate Unreviewed

CVE-2019-14954 was published May 24, 2022

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through... Low Unreviewed

CVE-2019-4398 was published May 24, 2022

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack... High Unreviewed

CVE-2019-18201 was published May 24, 2022

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05... Critical Unreviewed

CVE-2019-17218 was published May 24, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. Moderate Unreviewed

CVE-2020-15343 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Moderate Unreviewed

CVE-2020-15344 was published Sep 30, 2022

The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. Moderate Unreviewed

CVE-2019-19463 was published May 24, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. Moderate Unreviewed

CVE-2020-15345 was published Sep 30, 2022

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build... Moderate Unreviewed

CVE-2019-16672 was published May 24, 2022

Previous 1 2 3 4 5 6 7 … 18 19 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

453 advisories