GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
133 advisories
Filter by severity
Prototype Pollution in upmerge
Moderate
GHSA-gm9g-2g8v-fvxj
was published
for
upmerge
(npm)
Jun 6, 2019
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to...
Moderate
Unreviewed
CVE-2020-14122
was published
Apr 22, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity...
Moderate
Unreviewed
CVE-2022-28385
was published
Jun 9, 2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated...
Moderate
Unreviewed
CVE-2022-31598
was published
Jul 13, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity...
Moderate
Unreviewed
CVE-2015-8254
was published
May 17, 2022
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier,...
Moderate
Unreviewed
CVE-2014-4883
was published
May 17, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345...
Moderate
Unreviewed
CVE-2022-2789
was published
Aug 20, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager...
Moderate
Unreviewed
CVE-2022-39909
was published
Dec 8, 2022
In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is...
Moderate
Unreviewed
CVE-2019-0379
was published
May 24, 2022
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV...
Moderate
Unreviewed
CVE-2021-40491
was published
May 24, 2022
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the...
Moderate
Unreviewed
CVE-2019-8921
was published
Nov 30, 2021
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a...
Moderate
Unreviewed
CVE-2020-6443
was published
May 24, 2022
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that...
Moderate
Unreviewed
CVE-2020-11539
was published
May 24, 2022
** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from...
Moderate
Unreviewed
CVE-2020-12063
was published
May 24, 2022
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart...
Moderate
Unreviewed
CVE-2020-6081
was published
May 24, 2022
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using...
Moderate
Unreviewed
CVE-2020-11985
was published
May 24, 2022
There is an information disclosure vulnerability in several smartphones. The device does not...
Moderate
Unreviewed
CVE-2020-9109
was published
May 24, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a...
Moderate
Unreviewed
CVE-2020-1755
was published
Aug 17, 2022
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios,...
Moderate
Unreviewed
CVE-2021-22339
was published
May 24, 2022
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0...
Moderate
Unreviewed
CVE-2021-32665
was published
May 24, 2022
Address bar search suggestions in private browsing mode were re-using session data from normal...
Moderate
Unreviewed
CVE-2021-29963
was published
May 24, 2022
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock...
Moderate
Unreviewed
CVE-2021-23998
was published
May 24, 2022
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the...
Moderate
Unreviewed
CVE-2021-21588
was published
May 24, 2022
Insufficient Data Verification in io.really:jwt-scala
Moderate
CVE-2017-10862
was published
for
io.really:jwt-scala
(Maven)
May 17, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability....
Moderate
Unreviewed
CVE-2021-22419
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API