GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,498

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

59 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate... High Unreviewed

CVE-2024-41708 was published Sep 25, 2024

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in... High Unreviewed

CVE-2024-21460 was published Jul 1, 2024

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th... High Unreviewed

CVE-2024-25943 was published Jun 29, 2024

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All... High Unreviewed

CVE-2024-35292 was published Jun 11, 2024

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed

CVE-2024-0761 was published Feb 6, 2024

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ... High Unreviewed

CVE-2020-27213 was published Oct 10, 2023

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of... High Unreviewed

CVE-2023-34353 was published Sep 5, 2023

Functions with insufficient randomness were used to generate authorization tokens of the... High Unreviewed

CVE-2023-26451 was published Aug 2, 2023

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000... High Unreviewed

CVE-2023-20185 was published Jul 12, 2023

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of... High Unreviewed

CVE-2023-1385 was published Jul 6, 2023

Use of insufficiently random values vulnerability in User Management Functionality in Synology... High Unreviewed

CVE-2023-2729 was published Jun 13, 2023

Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker... High Unreviewed

CVE-2023-1898 was published Jun 12, 2023

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers... High Unreviewed

CVE-2023-26855 was published Apr 4, 2023

Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and... High Unreviewed

CVE-2023-0343 was published Mar 31, 2023

This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed

CVE-2022-43636 was published Mar 29, 2023

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017... High Unreviewed

CVE-2017-5242 was published Jan 13, 2023

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version... High Unreviewed

CVE-2023-22601 was published Jan 13, 2023

A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by... High Unreviewed

CVE-2019-25089 was published Dec 27, 2022

Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed

CVE-2022-37400 was published Aug 16, 2022

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1... High Unreviewed

CVE-2022-30629 was published Aug 11, 2022

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation... High Unreviewed

CVE-2022-29808 was published Aug 3, 2022

LibreOffice supports the storage of passwords for web connections in the user’s configuration... High Unreviewed

CVE-2022-26306 was published Jul 26, 2022

Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of... High Unreviewed

CVE-2022-32284 was published Jul 5, 2022

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values... High Unreviewed

CVE-2022-23138 was published Jun 10, 2022

Persistent platform private key may not be protected with a random IV leading to a potential “two... High Unreviewed

CVE-2021-26322 was published May 24, 2022

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

59 advisories