GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
34 advisories
Filter by severity
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated...
High
Unreviewed
CVE-2021-24831
was published
Jan 4, 2022
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as...
High
Unreviewed
CVE-2022-1077
was published
Mar 30, 2022
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP...
High
Unreviewed
CVE-2022-27480
was published
Apr 13, 2022
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export....
High
Unreviewed
CVE-2021-34588
was published
Apr 28, 2022
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system...
High
Unreviewed
CVE-2004-2144
was published
Apr 29, 2022
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users...
High
Unreviewed
CVE-2005-1654
was published
May 1, 2022
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to...
High
Unreviewed
CVE-2005-1668
was published
May 1, 2022
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct...
High
Unreviewed
CVE-2005-1685
was published
May 1, 2022
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as...
High
Unreviewed
CVE-2005-1827
was published
May 1, 2022
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote,...
High
Unreviewed
CVE-2019-3917
was published
May 13, 2022
Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass...
High
Unreviewed
CVE-2019-6551
was published
May 13, 2022
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to...
High
Unreviewed
CVE-2017-15235
was published
May 13, 2022
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP...
High
Unreviewed
CVE-2018-16706
was published
May 13, 2022
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02...
High
Unreviewed
CVE-2019-3916
was published
May 13, 2022
The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote...
High
Unreviewed
CVE-2019-6126
was published
May 13, 2022
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before...
High
Unreviewed
CVE-2018-6669
was published
May 13, 2022
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance),...
High
Unreviewed
CVE-2017-14993
was published
May 13, 2022
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control...
High
Unreviewed
CVE-2018-18862
was published
May 13, 2022
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by...
High
Unreviewed
CVE-2018-19109
was published
May 13, 2022
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23,...
High
Unreviewed
CVE-2018-7526
was published
May 13, 2022
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or...
High
Unreviewed
CVE-2019-14347
was published
May 24, 2022
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of...
High
Unreviewed
CVE-2020-10181
was published
May 24, 2022
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information ...
High
Unreviewed
CVE-2018-16060
was published
May 24, 2022
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location,...
High
Unreviewed
CVE-2021-24695
was published
May 24, 2022
An unauthenticated attacker could arbitrarily upload firmware files to the target device,...
High
Unreviewed
CVE-2022-31480
was published
Jun 7, 2022
ProTip!
Advisories are also available from the
GraphQL API