GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,272
Erlang: 31
GitHub Actions: 21
Go: 2,047
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,415
Pub: 12
RubyGems: 891
Rust: 868
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
159 advisories
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This...
Critical | Unreviewed | CVE-2020-25359 was published May 24, 2022

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to...
Critical | Unreviewed | CVE-2020-18753 was published May 24, 2022

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start...
Critical | Unreviewed | CVE-2021-35327 was published May 24, 2022

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5...
Critical | Unreviewed | CVE-2020-36239 was published May 24, 2022

File Deletion vulnerability in Halo 0.4.3 via delBackup.
Critical | Unreviewed | CVE-2020-19038 was published May 24, 2022

Istio before 1.8.6 and 1.9.x before 1.9.5, when a gateway is using the AUTO_PASSTHROUGH routing...
Critical | Unreviewed | CVE-2021-31921 was published May 24, 2022

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before...
Critical | Unreviewed | CVE-2021-22891 was published May 24, 2022

It has been discovered that redhat-certification does not perform an authorization check and it...
Critical | Unreviewed | CVE-2018-10866 was published May 24, 2022

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented...
Critical | Unreviewed | CVE-2020-4669 was published May 24, 2022

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can...
Critical | Unreviewed | CVE-2021-27573 was published May 24, 2022

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a...
Critical | Unreviewed | CVE-2021-26990 was published May 24, 2022

** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access....
Critical | Unreviewed | CVE-2021-28154 was published May 24, 2022

An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows...
Critical | Unreviewed | CVE-2021-28141 was published May 24, 2022

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by...
Critical | Unreviewed | CVE-2020-35219 was published May 24, 2022

An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is...
Critical | Unreviewed | CVE-2020-29551 was published May 24, 2022

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older),...
Critical | Unreviewed | CVE-2020-28215 was published May 24, 2022

MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php...
Critical | Unreviewed | CVE-2020-29006 was published May 24, 2022

An authorization bypass and PHP local-file-include vulnerability in the installation component of...
Critical | Unreviewed | CVE-2020-7472 was published May 24, 2022

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2020-26824 was published May 24, 2022

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2020-26822 was published May 24, 2022

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2020-26821 was published May 24, 2022

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2020-26823 was published May 24, 2022

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain...
Critical | Unreviewed | CVE-2020-28036 was published May 24, 2022

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s):...
Critical | Unreviewed | CVE-2020-7124 was published May 24, 2022

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system....
Critical | Unreviewed | CVE-2019-19885 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.