GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
132 advisories
Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request()...
High | Unreviewed | CVE-2022-40468 was published Sep 20, 2022

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an...
High | Unreviewed | CVE-2019-1950 was published May 24, 2022

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation...
Moderate | Unreviewed | CVE-2022-47196 was published Jan 19, 2023

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation...
Moderate | Unreviewed | CVE-2022-47194 was published Jan 19, 2023

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could...
High | Unreviewed | CVE-2022-4224 was published Mar 23, 2023

User data exposure in Apache InLong
Moderate | CVE-2023-31101 was published for org.apache.inlong:manager-dao (Maven) May 22, 2023

MTProto proxy remote code execution vulnerability
High | CVE-2023-45312 was published for mtproto_proxy (Erlang) Oct 10, 2023

Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Low | CVE-2023-3485 was published for go.temporal.io/server (Go) Jun 30, 2023

Insecure Default Initialization In Liferay Portal
Moderate | CVE-2023-33949 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances...
Moderate | Unreviewed | CVE-2023-5368 was published Oct 4, 2023

The affected devices use publicly available default credentials with administrative privileges.
Critical | Unreviewed | CVE-2023-39169 was published Dec 7, 2023

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on...
High | Unreviewed | CVE-2020-16873 was published May 24, 2022

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by...
High | Unreviewed | CVE-2023-3453 was published Aug 24, 2023

Default swagger-ui configuration exposes all files in the module
Moderate | CVE-2024-22207 was published for @fastify/swagger-ui (npm) Jan 16, 2024

In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4...
Moderate | Unreviewed | CVE-2024-26267 was published Feb 20, 2024

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4...
Critical | Unreviewed | CVE-2024-25610 was published Feb 20, 2024

The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Critical | CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018

ASA-2024-004: Default configuration param for Evidence may limit window of validity
Low | GHSA-555p-m4v6-cqxv was published for github.com/cometbft/cometbft (Go) Feb 28, 2024

In the configuration of NFC modules on certain devices, there is a possible failure to...
High | Unreviewed | CVE-2019-2041 was published May 24, 2022

An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main...
High | Unreviewed | CVE-2018-20052 was published May 24, 2022

doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this...
Critical | Unreviewed | CVE-2019-11618 was published May 24, 2022

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that...
Moderate | Unreviewed | CVE-2019-19251 was published May 24, 2022

An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved...
Moderate | Unreviewed | CVE-2023-28978 was published Apr 18, 2023

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200...
High | Unreviewed | CVE-2023-1618 was published May 19, 2023

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb...
High | Unreviewed | CVE-2023-35689 was published Aug 15, 2023