GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,414

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

299 advisories

Filter by severity

Sort by

Least recently updated

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which... Moderate Unreviewed

CVE-2022-35888 was published Sep 30, 2022

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the... Moderate Unreviewed

CVE-2022-32218 was published Sep 25, 2022

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to... Moderate Unreviewed

CVE-2022-1989 was published Aug 24, 2022

Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users... Moderate Unreviewed

CVE-2022-34623 was published Aug 20, 2022

In Framework, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2022-20324 was published Aug 13, 2022

In Content, there is a possible way to determinate the user's account due to side channel... Moderate Unreviewed

CVE-2022-20304 was published Aug 13, 2022

In LauncherApps, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2022-20293 was published Aug 13, 2022

In AppOpsService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2022-20291 was published Aug 13, 2022

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79... Moderate Unreviewed

CVE-2022-2612 was published Aug 13, 2022

In Telephony, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2022-20242 was published Aug 12, 2022

In USB Manager, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2021-0975 was published Aug 12, 2022

Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique... Moderate Unreviewed

CVE-2022-34704 was published Aug 10, 2022

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by... Moderate Unreviewed

CVE-2022-32425 was published Jul 15, 2022

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified... Moderate Unreviewed

CVE-2022-20752 was published Jul 7, 2022

A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid... Moderate Unreviewed

CVE-2021-41634 was published Jun 25, 2022

A potential vulnerability in some AMD processors using frequency scaling may allow an... Moderate Unreviewed

CVE-2022-23823 was published Jun 16, 2022

Observable behavioral in power management throttling for some Intel(R) Processors may allow an... Moderate Unreviewed

CVE-2022-24436 was published Jun 16, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed

CVE-2022-27221 was published Jun 15, 2022

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could... Moderate Unreviewed

CVE-2022-0823 was published Jun 10, 2022

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore)... Moderate Unreviewed

CVE-2022-32273 was published Jun 9, 2022

An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password... Moderate Unreviewed

CVE-2021-20113 was published May 24, 2022

Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is... Moderate Unreviewed

CVE-2021-43398 was published May 24, 2022

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process... Moderate Unreviewed

CVE-2021-38476 was published May 24, 2022

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD... Moderate Unreviewed

CVE-2021-26318 was published May 24, 2022

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to... Moderate Unreviewed

CVE-2021-20376 was published May 24, 2022

Previous 1 2 3 4 5 6 7 8 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

299 advisories