GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
59 advisories
Filter by severity
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate...
High
Unreviewed
CVE-2024-41708
was published
Sep 25, 2024
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in...
High
Unreviewed
CVE-2024-21460
was published
Jul 1, 2024
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th...
High
Unreviewed
CVE-2024-25943
was published
Jun 29, 2024
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All...
High
Unreviewed
CVE-2024-35292
was published
Jun 11, 2024
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon...
High
Unreviewed
CVE-2020-1472
was published
May 24, 2022
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of...
High
Unreviewed
CVE-2023-34353
was published
Sep 5, 2023
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ...
High
Unreviewed
CVE-2020-27213
was published
Oct 10, 2023
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of...
High
Unreviewed
CVE-2023-1385
was published
Jul 6, 2023
Use of insufficiently random values vulnerability in User Management Functionality in Synology...
High
Unreviewed
CVE-2023-2729
was published
Jun 13, 2023
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker...
High
Unreviewed
CVE-2023-1898
was published
Jun 12, 2023
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including...
High
Unreviewed
CVE-2019-11641
was published
May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector...
High
Unreviewed
CVE-2020-11877
was published
May 24, 2022
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses...
High
Unreviewed
CVE-2008-0087
was published
May 1, 2022
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business...
High
Unreviewed
CVE-2008-2433
was published
May 1, 2022
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently...
High
Unreviewed
CVE-2009-2158
was published
May 2, 2022
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,...
High
Unreviewed
CVE-2008-3612
was published
May 2, 2022
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High
Unreviewed
CVE-2024-0761
was published
Feb 6, 2024
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of...
High
Unreviewed
CVE-2008-0141
was published
May 1, 2022
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000...
High
Unreviewed
CVE-2023-20185
was published
Jul 12, 2023
Functions with insufficient randomness were used to generate authorization tokens of the...
High
Unreviewed
CVE-2023-26451
was published
Aug 2, 2023
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37400
was published
Aug 16, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration...
High
Unreviewed
CVE-2022-26306
was published
Jul 26, 2022
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user...
High
Unreviewed
CVE-2021-24998
was published
Dec 28, 2021
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High
Unreviewed
CVE-2021-26726
was published
Feb 17, 2022
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers...
High
Unreviewed
CVE-2023-26855
was published
Apr 4, 2023
ProTip!
Advisories are also available from the
GraphQL API