GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
81 advisories
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't...
Moderate | Unreviewed | CVE-2022-29035 was published Apr 12, 2022
SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returning the same value
Moderate | Unreviewed | CVE-2022-29930 was published May 13, 2022
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's...
Moderate | Unreviewed | CVE-2018-1108 was published May 13, 2022
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute...
Moderate | Unreviewed | CVE-2020-15023 was published May 24, 2022
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of...
Moderate | Unreviewed | CVE-2021-25444 was published May 24, 2022
Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker...
Moderate | Unreviewed | CVE-2022-33707 was published Jul 13, 2022
totd before 1.5.3 does not properly randomize mesg IDs.
Moderate | Unreviewed | CVE-2022-34295 was published Jun 24, 2022
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
Moderate | Unreviewed | CVE-2022-25047 was published Jul 8, 2022
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random...
Moderate | Unreviewed | CVE-2015-9019 was published May 17, 2022
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This...
Moderate | Unreviewed | CVE-2021-4277 was published Dec 25, 2022
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1....
Moderate | Unreviewed | CVE-2022-3959 was published Nov 11, 2022
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used...
Moderate | Unreviewed | CVE-2022-38970 was published Sep 27, 2022
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device...
Moderate | Unreviewed | CVE-2019-18282 was published May 24, 2022
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in...
Moderate | Unreviewed | CVE-2020-7241 was published May 24, 2022
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2...
Moderate | Unreviewed | CVE-2020-1759 was published May 24, 2022
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of...
Moderate | Unreviewed | CVE-2020-13817 was published May 24, 2022
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the...
Moderate | Unreviewed | CVE-2020-10274 was published May 24, 2022
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain...
Moderate | Unreviewed | CVE-2020-16166 was published May 24, 2022
In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of...
Moderate | Unreviewed | CVE-2021-0375 was published May 24, 2022
An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which...
Moderate | Unreviewed | CVE-2022-44795 was published Nov 7, 2022
A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions...
Moderate | Unreviewed | CVE-2021-27393 was published May 24, 2022
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote...
Moderate | Unreviewed | CVE-2021-25375 was published May 24, 2022
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing...
Moderate | Unreviewed | CVE-2021-26909 was published May 24, 2022
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and...
Moderate | Unreviewed | CVE-2021-23020 was published May 24, 2022
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms...
Moderate | Unreviewed | CVE-2021-3446 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.