Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0337 was published May 24, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6... Moderate Unreviewed
CVE-2022-28710 was published Aug 23, 2022
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0338 was published May 24, 2022
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a... Moderate Unreviewed
CVE-2022-20199 was published Dec 20, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7195 was published May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or... High Unreviewed
CVE-2019-7194 was published May 24, 2022
In the Activity Manager service, there is a possible information disclosure due to a confused... Low Unreviewed
CVE-2019-9292 was published May 24, 2022
In the Package Manager service, there is a possible information disclosure due to a confused... Low Unreviewed
CVE-2019-9438 was published May 24, 2022
In AOSP Email, there is a possible information disclosure due to a confused deputy. This could... Low Unreviewed
CVE-2019-9440 was published May 24, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path High Unreviewed
CVE-2021-3845 was published Jan 5, 2022
WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple... High Unreviewed
CVE-2016-0796 was published Jul 29, 2022
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50.... Moderate Unreviewed
CVE-2015-10003 was published Jul 18, 2022
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote... Moderate Unreviewed
CVE-2022-30245 was published Jul 16, 2022
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to... High Unreviewed
CVE-2022-20223 was published Jul 14, 2022
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql Moderate
CVE-2021-3779 was published for ruby-mysql (RubyGems) Jun 29, 2022
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This... Critical Unreviewed
CVE-2014-125044 was published Jan 5, 2023
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name... High Unreviewed
CVE-2022-24241 was published Jun 3, 2022
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified... High Unreviewed
CVE-2022-20789 was published Apr 22, 2022
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to... Moderate Unreviewed
CVE-2021-39765 was published Mar 31, 2022
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could... High Unreviewed
CVE-2021-39787 was published Mar 31, 2022
Upload whitelisted files to any directory in OctoberCMS Low
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t
Arbitrary File Deletion vulnerability in OctoberCMS Moderate
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to... High Unreviewed
CVE-2021-39703 was published Mar 17, 2022
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call... High Unreviewed
CVE-2021-39707 was published Mar 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database