Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
phpBB Server-Side Request Forgery Vulnerability Moderate
CVE-2020-8226 was published for phpbb/phpbb (Composer) May 24, 2022
Rudloff
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to... Moderate Unreviewed
CVE-2019-18202 was published May 24, 2022
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5,... Critical Unreviewed
CVE-2022-39952 was published Feb 16, 2023
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a... High Unreviewed
CVE-2021-39663 was published Feb 12, 2022
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused... High Unreviewed
CVE-2021-39668 was published Feb 12, 2022
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due... High Unreviewed
CVE-2021-39626 was published Jan 15, 2022
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to... High Unreviewed
CVE-2021-1035 was published Jan 15, 2022
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an... High Unreviewed
CVE-2022-34669 was published Dec 31, 2022
ILIAS before 7.16 allows External Control of File Name or Path. Moderate Unreviewed
CVE-2022-45918 was published Dec 7, 2022
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the... High Unreviewed
CVE-2018-9582 was published May 13, 2022
Manually dragging and dropping an Outlook email message into the browser will trigger a page... Moderate Unreviewed
CVE-2018-12381 was published May 13, 2022
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been... Critical Unreviewed
CVE-2022-4607 was published Dec 19, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be... Moderate Unreviewed
CVE-2017-15269 was published May 13, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,... Moderate Unreviewed
CVE-2017-0211 was published May 13, 2022
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote... High Unreviewed
CVE-2019-3996 was published May 24, 2022
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to... High Unreviewed
CVE-2021-1003 was published Dec 16, 2021
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path... Critical Unreviewed
CVE-2021-44041 was published Dec 15, 2021
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master... Critical Unreviewed
CVE-2021-43685 was published Dec 2, 2021
Confused Deputy in Kubernetes Low
CVE-2021-25740 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Confused Deputy in Kubernetes Moderate
CVE-2020-8561 was published for k8s.io/kubernetes (Go) Sep 21, 2021
ExternalName Services can be used to gain access to Envoy's admin interface High
CVE-2021-32783 was published for github.com/projectcontour/contour (Go) Aug 30, 2021
josh-ferrell
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix Moderate
CVE-2020-5412 was published for org.springframework.cloud:spring-cloud-netflix (Maven) Apr 30, 2021
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below,... High Unreviewed
CVE-2021-43066 was published May 12, 2022
An externally controlled reference to a resource vulnerability has been reported to affect QNAP... Critical Unreviewed
CVE-2022-27593 was published Sep 9, 2022
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of... Moderate Unreviewed
CVE-2022-32761 was published Aug 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database