GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
19 advisories
Filter by severity
VersionVault Express exposes sensitive information that an attacker can use to impersonate the...
Critical
Unreviewed
CVE-2021-27779
was published
May 26, 2022
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05...
Critical
Unreviewed
CVE-2019-17218
was published
May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc...
Critical
Unreviewed
CVE-2020-15331
was published
Sep 30, 2022
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default...
Critical
Unreviewed
CVE-2018-16879
was published
May 13, 2022
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up...
Critical
Unreviewed
CVE-2018-7498
was published
May 13, 2022
A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and...
Critical
Unreviewed
CVE-2017-9632
was published
May 13, 2022
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all...
Critical
Unreviewed
CVE-2018-17915
was published
May 13, 2022
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user...
Critical
Unreviewed
CVE-2018-10612
was published
May 13, 2022
An issue was discovered on August Connect devices. Insecure data transfer between the August app...
Critical
Unreviewed
CVE-2018-20100
was published
May 13, 2022
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET...
Critical
Unreviewed
CVE-2018-10698
was published
May 24, 2022
Google Nest WiFi Pro root code-execution & user-data compromise
Critical
Unreviewed
CVE-2023-6339
was published
Jan 3, 2024
** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sniffing for specific...
Critical
Unreviewed
CVE-2017-9854
was published
May 13, 2022
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext...
Critical
Unreviewed
CVE-2018-13992
was published
May 24, 2022
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic...
Critical
Unreviewed
CVE-2019-11367
was published
May 24, 2022
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks...
Critical
Unreviewed
CVE-2019-12924
was published
May 24, 2022
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems...
Critical
Unreviewed
CVE-2019-3431
was published
May 24, 2022
Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface....
Critical
Unreviewed
CVE-2023-0750
was published
Apr 6, 2023
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.
Critical
Unreviewed
CVE-2024-29151
was published
Mar 18, 2024
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ...
Critical
Unreviewed
CVE-2023-41095
was published
Oct 26, 2023
ProTip!
Advisories are also available from the
GraphQL API