Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
Downloads Resources over HTTP in jser-stat Moderate
CVE-2016-10592 was published for jser-stat (npm) Feb 18, 2019
Downloads Resources over HTTP in arcanist Moderate
CVE-2016-10683 was published for arcanist (npm) Feb 18, 2019
Downloads Resources over HTTP in adamvr-geoip-lite Moderate
CVE-2016-10680 was published for adamvr-geoip-lite (npm) Sep 1, 2020
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It... Moderate Unreviewed
CVE-2022-27225 was published Mar 17, 2022
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to... Moderate Unreviewed
CVE-2022-35860 was published Oct 19, 2022
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)... Moderate Unreviewed
CVE-2020-10941 was published May 24, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed
CVE-2021-27783 was published May 26, 2022
On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed
CVE-2021-28496 was published May 24, 2022
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed
CVE-2021-40650 was published Jun 15, 2022
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed
CVE-2020-12730 was published May 24, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed
CVE-2022-20219 was published Jul 14, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed
CVE-2021-23211 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An... Moderate Unreviewed
CVE-2019-13922 was published May 24, 2022
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link... Moderate Unreviewed
CVE-2019-14954 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. Moderate Unreviewed
CVE-2020-15343 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Moderate Unreviewed
CVE-2020-15344 was published Sep 30, 2022
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. Moderate Unreviewed
CVE-2019-19463 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. Moderate Unreviewed
CVE-2020-15345 was published Sep 30, 2022
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build... Moderate Unreviewed
CVE-2019-16672 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Moderate Unreviewed
CVE-2020-15342 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. Moderate Unreviewed
CVE-2020-15346 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. Moderate Unreviewed
CVE-2020-15330 was published Sep 30, 2022
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces.... Moderate Unreviewed
CVE-2019-14317 was published May 24, 2022
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. Moderate Unreviewed
CVE-2019-16274 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database