GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
110 advisories
Filter by severity
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon...
Moderate
Unreviewed
CVE-2020-7541
was published
May 24, 2022
In affected Ops Manager versions there is an exposed http route was that may allow attackers to...
Moderate
Unreviewed
CVE-2019-2388
was published
May 24, 2022
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of...
High
Unreviewed
CVE-2020-10181
was published
May 24, 2022
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/...
Moderate
Unreviewed
CVE-2019-16388
was published
May 24, 2022
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso...
Moderate
Unreviewed
CVE-2019-16386
was published
May 24, 2022
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated...
Moderate
Unreviewed
CVE-2019-17503
was published
May 24, 2022
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the...
Moderate
Unreviewed
CVE-2019-1220
was published
May 24, 2022
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or...
High
Unreviewed
CVE-2019-14347
was published
May 24, 2022
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to...
Critical
Unreviewed
CVE-2019-9884
was published
May 24, 2022
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a...
Moderate
Unreviewed
CVE-2019-13981
was published
May 24, 2022
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices...
Critical
Unreviewed
CVE-2019-12583
was published
May 24, 2022
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23,...
High
Unreviewed
CVE-2018-7526
was published
May 13, 2022
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct...
Critical
Unreviewed
CVE-2018-6624
was published
May 13, 2022
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows...
Critical
Unreviewed
CVE-2018-19207
was published
May 13, 2022
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0...
Moderate
Unreviewed
CVE-2018-19143
was published
May 13, 2022
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by...
High
Unreviewed
CVE-2018-19109
was published
May 13, 2022
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an...
Critical
Unreviewed
CVE-2018-18922
was published
May 13, 2022
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control...
High
Unreviewed
CVE-2018-18862
was published
May 13, 2022
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0...
Moderate
Unreviewed
CVE-2018-11346
was published
May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10...
Moderate
Unreviewed
CVE-2017-2486
was published
May 13, 2022
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory...
Low
Unreviewed
CVE-2017-2161
was published
May 13, 2022
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese...
Moderate
Unreviewed
CVE-2017-2139
was published
May 13, 2022
CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10...
Moderate
Unreviewed
CVE-2017-2143
was published
May 13, 2022
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global...
Critical
Unreviewed
CVE-2017-17736
was published
May 13, 2022
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance),...
High
Unreviewed
CVE-2017-14993
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API