GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
31 advisories
Filter by severity
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default...
Critical
Unreviewed
CVE-2022-24706
was published
Apr 27, 2022
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in...
Critical
Unreviewed
CVE-2017-5178
was published
May 13, 2022
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running...
Critical
Unreviewed
CVE-2017-3834
was published
May 13, 2022
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a...
Critical
Unreviewed
CVE-2018-19275
was published
May 13, 2022
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change...
Critical
Unreviewed
CVE-2019-3909
was published
May 13, 2022
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability...
Critical
Unreviewed
CVE-2017-8021
was published
May 13, 2022
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic...
Critical
Unreviewed
CVE-2018-0130
was published
May 13, 2022
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants...
Critical
Unreviewed
CVE-2017-12739
was published
May 13, 2022
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts,...
Critical
Unreviewed
CVE-2017-7964
was published
May 13, 2022
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n...
Critical
Unreviewed
CVE-2017-8218
was published
May 13, 2022
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware...
Critical
Unreviewed
CVE-2018-10251
was published
May 13, 2022
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default...
Critical
Unreviewed
CVE-2018-10968
was published
May 13, 2022
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote...
Critical
Unreviewed
CVE-2018-15350
was published
May 13, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon...
Critical
Unreviewed
CVE-2018-3591
was published
May 13, 2022
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a...
Critical
Unreviewed
CVE-2018-5770
was published
May 13, 2022
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this...
Critical
Unreviewed
CVE-2019-11618
was published
May 24, 2022
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric...
Critical
Unreviewed
CVE-2019-1804
was published
May 24, 2022
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were...
Critical
Unreviewed
CVE-2019-5497
was published
May 24, 2022
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC...
Critical
Unreviewed
CVE-2019-4169
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive...
Critical
Unreviewed
CVE-2021-34795
was published
May 24, 2022
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an...
Critical
Unreviewed
CVE-2021-21505
was published
May 24, 2022
The Orca HCM digital learning platform uses a weak factory default administrator password, which...
Critical
Unreviewed
CVE-2021-35965
was published
May 24, 2022
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection...
Critical
Unreviewed
CVE-2022-31806
was published
Jun 25, 2022
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do...
Critical
Unreviewed
CVE-2021-3586
was published
Aug 23, 2022
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Critical
Unreviewed
CVE-2022-48342
was published
Feb 23, 2023
ProTip!
Advisories are also available from the
GraphQL API