GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
110 advisories
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated...
High | Unreviewed | CVE-2021-24831 was published Jan 4, 2022

A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture...
Moderate | Unreviewed | CVE-2021-24046 was published Jan 15, 2022

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022...
Moderate | Unreviewed | CVE-2022-24932 was published Mar 11, 2022

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure...
Moderate | Unreviewed | CVE-2022-24385 was published Mar 15, 2022

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as...
High | Unreviewed | CVE-2022-1077 was published Mar 30, 2022

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP...
High | Unreviewed | CVE-2022-27480 was published Apr 13, 2022

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export....
High | Unreviewed | CVE-2021-34588 was published Apr 28, 2022

Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system...
High | Unreviewed | CVE-2004-2144 was published Apr 29, 2022

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images...
Moderate | Unreviewed | CVE-2004-2257 was published Apr 29, 2022

MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files...
Moderate | Unreviewed | CVE-2002-1798 was published Apr 30, 2022

Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users...
High | Unreviewed | CVE-2005-1654 was published May 1, 2022

YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to...
High | Unreviewed | CVE-2005-1668 was published May 1, 2022

episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct...
High | Unreviewed | CVE-2005-1685 was published May 1, 2022

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct...
Moderate | Unreviewed | CVE-2005-1688 was published May 1, 2022

The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive...
Moderate | Unreviewed | CVE-2005-1697 was published May 1, 2022

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct...
Moderate | Unreviewed | CVE-2005-1698 was published May 1, 2022

D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as...
High | Unreviewed | CVE-2005-1827 was published May 1, 2022

FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive...
Moderate | Unreviewed | CVE-2005-1892 was published May 1, 2022

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software...
Moderate | Unreviewed | CVE-2015-2873 was published May 13, 2022

Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the...
Critical | Unreviewed | CVE-2019-9552 was published May 13, 2022

An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2...
Critical | Unreviewed | CVE-2017-14244 was published May 13, 2022

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote,...
High | Unreviewed | CVE-2019-3917 was published May 13, 2022

Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass...
High | Unreviewed | CVE-2019-6551 was published May 13, 2022

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an...
Moderate | Unreviewed | CVE-2018-0267 was published May 13, 2022

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an...
Moderate | Unreviewed | CVE-2018-0266 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.