Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

446 advisories

Loading
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only... Moderate Unreviewed
CVE-2022-26390 was published Sep 10, 2022
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may... Moderate Unreviewed
CVE-2022-38194 was published Aug 17, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed
CVE-2022-20219 was published Jul 14, 2022
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed
CVE-2021-40650 was published Jun 15, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow... High Unreviewed
CVE-2022-30237 was published Jun 3, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed
CVE-2021-27783 was published May 26, 2022
VersionVault Express exposes sensitive information that an attacker can use to impersonate the... Critical Unreviewed
CVE-2021-27779 was published May 26, 2022
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the... High Unreviewed
CVE-2021-41302 was published May 24, 2022
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones... High Unreviewed
CVE-2021-22932 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The... High Unreviewed
CVE-2021-40366 was published May 24, 2022
Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open... Moderate Unreviewed
CVE-2021-3774 was published May 24, 2022
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.... Moderate Unreviewed
CVE-2021-35236 was published May 24, 2022
On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed
CVE-2021-28496 was published May 24, 2022
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client... Moderate Unreviewed
CVE-2021-3882 was published May 24, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed
CVE-2020-12730 was published May 24, 2022
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all... Moderate Unreviewed
CVE-2021-22782 was published May 24, 2022
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0... High Unreviewed
CVE-2021-26100 was published May 24, 2022
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a... High Unreviewed
CVE-2021-34825 was published May 24, 2022
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information... Moderate Unreviewed
CVE-2021-20567 was published May 24, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed
CVE-2021-23211 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information,... Moderate Unreviewed
CVE-2019-4471 was published May 24, 2022
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and... High Unreviewed
CVE-2020-24396 was published May 24, 2022
IBM API Connect V10 is impacted by insecure communications during database replication. As the... High Unreviewed
CVE-2020-4695 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API