GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
120 advisories
Filter by severity
Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass...
High
Unreviewed
CVE-2019-6551
was published
May 13, 2022
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote,...
High
Unreviewed
CVE-2019-3917
was published
May 13, 2022
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2...
Critical
Unreviewed
CVE-2017-14244
was published
May 13, 2022
Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the...
Critical
Unreviewed
CVE-2019-9552
was published
May 13, 2022
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software...
Moderate
Unreviewed
CVE-2015-2873
was published
May 13, 2022
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export....
High
Unreviewed
CVE-2021-34588
was published
Apr 28, 2022
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon...
Moderate
Unreviewed
CVE-2020-7541
was published
May 24, 2022
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated...
High
Unreviewed
CVE-2022-2551
was published
Aug 23, 2022
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores...
High
Unreviewed
CVE-2022-2544
was published
Aug 23, 2022
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with...
High
Unreviewed
CVE-2022-2192
was published
Jul 20, 2022
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location,...
High
Unreviewed
CVE-2021-24695
was published
May 24, 2022
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of...
Moderate
Unreviewed
CVE-2022-31485
was published
Jun 7, 2022
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1...
High
Unreviewed
CVE-2021-44582
was published
Jun 11, 2022
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress...
Critical
Unreviewed
CVE-2021-24215
was published
May 24, 2022
An unauthenticated attacker could arbitrarily upload firmware files to the target device,...
High
Unreviewed
CVE-2022-31480
was published
Jun 7, 2022
An unauthenticated attacker can send a specially crafted network packet to delete a user from the...
High
Unreviewed
CVE-2022-31484
was published
Jun 7, 2022
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the...
Moderate
Unreviewed
CVE-2021-24238
was published
May 24, 2022
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of...
High
Unreviewed
CVE-2020-10181
was published
May 24, 2022
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure...
Moderate
Unreviewed
CVE-2022-24385
was published
Mar 15, 2022
ProTip!
Advisories are also available from the
GraphQL API