GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,599
Composer 4,464
Erlang 33
GitHub Actions 22
Go 2,163
Maven 5,348
npm 3,821
NuGet 696
pip 3,502
Pub 12
RubyGems 909
Rust 904
Swift 38

Unreviewed advisories

All unreviewed 247,595

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

283 advisories

Filter by severity

Sort by

Least recently updated

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin... High Unreviewed

CVE-2016-4554 was published May 13, 2022

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host... High Unreviewed

CVE-2016-4553 was published May 13, 2022

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks... High Unreviewed

CVE-2017-11103 was published May 13, 2022

GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the... High Unreviewed

CVE-2019-7323 was published May 13, 2022

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV... High Unreviewed

CVE-2019-0805 was published May 13, 2022

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. Critical Unreviewed

CVE-2018-19971 was published May 13, 2022

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Moderate Unreviewed

CVE-2018-17938 was published May 13, 2022

IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed

CVE-2016-3016 was published May 13, 2022

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed

CVE-2014-0364 was published May 13, 2022

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3... Critical Unreviewed

CVE-2015-6853 was published May 13, 2022

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before... Critical Unreviewed

CVE-2015-6854 was published May 13, 2022

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed

CVE-2019-1000012 was published May 13, 2022

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed

CVE-2018-7798 was published May 13, 2022

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed

CVE-2021-26368 was published May 13, 2022

This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed

CVE-2021-27759 was published May 7, 2022

An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by... High Unreviewed

CVE-2020-14116 was published Apr 22, 2022

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to... Moderate Unreviewed

CVE-2020-14122 was published Apr 22, 2022

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive... High Unreviewed

CVE-2022-20795 was published Apr 22, 2022

Authorized users may install a maliciously modified package file when updating the device via the... High Unreviewed

CVE-2022-26516 was published Apr 21, 2022

Insufficient Verification of input Data leading to arbitrary file download and execute was... High Unreviewed

CVE-2021-26625 was published Apr 20, 2022

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed

CVE-2022-26871 was published Mar 30, 2022

Syltek application before its 10.22.00 version, does not correctly check that a product ID has a... High Unreviewed

CVE-2021-4031 was published Mar 19, 2022

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused... High Unreviewed

CVE-2020-14111 was published Mar 11, 2022

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused... Critical Unreviewed

CVE-2020-14115 was published Mar 11, 2022

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to... Critical Unreviewed

CVE-2022-0715 was published Mar 10, 2022

Previous 1 2 … 8 9 10 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

283 advisories