GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,757
Erlang: 35
GitHub Actions: 29
Go: 2,327
Maven: 5,000+
npm: 3,960
NuGet: 712
pip: 3,741
Pub: 12
RubyGems: 921
Rust: 973
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,056 advisories
It was found that system umask policy is not being honored when creating XDG user directories,...
High | Unreviewed | CVE-2017-15131 was published May 13, 2022

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files...
High | Unreviewed | CVE-2015-3306 was published May 13, 2022

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not...
High | Unreviewed | CVE-2016-4979 was published May 13, 2022

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not...
High | Unreviewed | CVE-2016-5387 was published May 13, 2022

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the...
High | Unreviewed | CVE-2016-9599 was published May 13, 2022

A privilege escalation vulnerability exists in the router configuration import functionality of...
High | Unreviewed | CVE-2022-21182 was published May 13, 2022

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute...
High | Unreviewed | CVE-2013-0422 was published May 5, 2022

The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter...
High | Unreviewed | CVE-2009-5151 was published May 2, 2022

Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the...
High | Unreviewed | CVE-2009-5150 was published May 2, 2022

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the...
High | Unreviewed | CVE-2009-2092 was published May 2, 2022

Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long...
High | Unreviewed | CVE-2001-0781 was published Apr 30, 2022

The setup program for the affected product configures its files and folders with full access,...
High | Unreviewed | CVE-2021-43986 was published Apr 21, 2022

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker...
High | Unreviewed | CVE-2022-20716 was published Apr 16, 2022

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control...
High | Unreviewed | CVE-2022-22190 was published Apr 15, 2022

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,...
High | Unreviewed | CVE-2022-25755 was published Apr 13, 2022

ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in...
High | Unreviewed | CVE-2022-1316 was published Apr 12, 2022

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to...
High | Unreviewed | CVE-2022-27838 was published Apr 12, 2022

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core -...
High | Unreviewed | CVE-2022-20762 was published Apr 7, 2022

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF...
High | Unreviewed | CVE-2021-24905 was published Mar 22, 2022

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up...
High | Unreviewed | CVE-2022-0815 was published Mar 12, 2022

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
High | Unreviewed | CVE-2022-24309 was published Mar 9, 2022

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in...
High | Unreviewed | CVE-2021-25087 was published Mar 8, 2022

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
High | Unreviewed | CVE-2022-0824 was published Mar 3, 2022

The backend infrastructure shared by multiple mobile device monitoring services does not...
High | Unreviewed | CVE-2022-0732 was published Feb 25, 2022

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111...
High | Unreviewed | CVE-2022-21825 was published Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API.