GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Insecure Default Configuration in tesseract.js
Moderate
GHSA-83rx-c8cr-6j8q
was published
for
tesseract.js
(npm)
Jun 5, 2019
High severity vulnerability that affects generator-jhipster
High
GHSA-mc84-xr9p-938r
was published
for
generator-jhipster
(npm)
Sep 23, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts...
High
Unreviewed
CVE-2022-25485
was published
Mar 16, 2022
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295
was published
for
october/cms
(Composer)
Jun 3, 2020
An attacker with the ability to modify a user program may change user program code on some...
Critical
Unreviewed
CVE-2022-1161
was published
Apr 12, 2022
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by...
High
Unreviewed
CVE-2018-12120
was published
May 13, 2022
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,...
Moderate
Unreviewed
CVE-2021-29113
was published
Dec 8, 2021
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated...
High
Unreviewed
CVE-2022-30244
was published
Jul 16, 2022
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from...
High
Unreviewed
CVE-2022-30243
was published
Jul 16, 2022
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64...
High
Unreviewed
CVE-2022-33317
was published
Jul 21, 2022
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the...
High
Unreviewed
CVE-2022-34121
was published
Jul 28, 2022
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user...
Moderate
Unreviewed
CVE-2022-37191
was published
Sep 14, 2022
If an image had not loaded correctly (such as when it is not actually an image), it could be...
Moderate
Unreviewed
CVE-2019-17014
was published
May 24, 2022
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated...
Critical
Unreviewed
CVE-2022-24119
was published
Dec 26, 2022
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library)...
High
Unreviewed
CVE-2021-20443
was published
May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in...
Critical
Unreviewed
CVE-2020-4561
was published
May 24, 2022
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212...
High
Unreviewed
CVE-2021-30507
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate
Unreviewed
CVE-2021-31927
was published
May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
Moderate
Unreviewed
CVE-2021-29777
was published
May 24, 2022
Local file inclusion exists in Kaseya VSA before 9.5.6.
High
Unreviewed
CVE-2021-30121
was published
May 24, 2022
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged...
High
Unreviewed
CVE-2021-34692
was published
May 24, 2022
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of...
Critical
Unreviewed
CVE-2021-21804
was published
May 24, 2022
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared...
High
Unreviewed
CVE-2021-34398
was published
May 24, 2022
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the...
High
Unreviewed
CVE-2021-38360
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API