GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
232 advisories
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone...
High
Unreviewed
CVE-2022-29945 was published Apr 30, 2022
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted...
High
Unreviewed
CVE-2017-7729 was published May 13, 2022
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were...
High
Unreviewed
CVE-2017-12817 was published May 13, 2022
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by...
High
Unreviewed
CVE-2019-6518 was published May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text
High
CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) May 13, 2022
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or...
High
Unreviewed
CVE-2017-17763 was published May 13, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2018-1683 was published May 13, 2022
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for...
High
Unreviewed
CVE-2017-5251 was published May 13, 2022
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a...
High
Unreviewed
CVE-2017-15397 was published May 13, 2022
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other...
High
Unreviewed
CVE-2017-15581 was published May 13, 2022
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a...
High
Unreviewed
CVE-2017-15609 was published May 13, 2022
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud...
High
Unreviewed
CVE-2017-8221 was published May 13, 2022
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17...
High
Unreviewed
CVE-2017-9604 was published May 13, 2022
Missing Encryption of Sensitive Data in Apache Guacamole
High
CVE-2018-1340 was published for org.apache.guacamole:guacamole-common (Maven) May 13, 2022
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level...
High
Unreviewed
CVE-2018-14608 was published May 13, 2022
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer...
High
Unreviewed
CVE-2018-14607 was published May 13, 2022
Ansible Leaks Data Passed to ssh-keygen
High
CVE-2018-16837 was published for ansible (pip) May 13, 2022
Craft CMS Vulnerable to Server-Side Template Injection
High
CVE-2018-20465 was published for craftcms/cms (Composer) May 13, 2022
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This...
High
Unreviewed
CVE-2018-5162 was published May 13, 2022
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext...
High
Unreviewed
CVE-2018-5261 was published May 13, 2022
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the...
High
Unreviewed
CVE-2018-5481 was published May 13, 2022
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions...
High
Unreviewed
CVE-2018-7781 was published May 13, 2022
OpenAPI Tools OpenAPI Generator uses HTTP in various files
High
CVE-2019-11405 was published for org.openapitools:openapi-generator (Maven) May 24, 2022
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var...
High
Unreviewed
CVE-2019-10139 was published May 24, 2022
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic...
High
Unreviewed
CVE-2018-10690 was published May 24, 2022