GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
132 advisories
Filter by severity
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated,...
High
Unreviewed
CVE-2017-6685
was published
May 13, 2022
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated,...
High
Unreviewed
CVE-2017-6686
was published
May 13, 2022
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated,...
High
Unreviewed
CVE-2017-6687
was published
May 13, 2022
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting...
Moderate
Unreviewed
CVE-2017-5491
was published
May 13, 2022
An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier....
High
Unreviewed
CVE-2017-5155
was published
May 13, 2022
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
Moderate
CVE-2017-4971
was published
for
org.springframework.webflow:spring-webflow
(Maven)
May 13, 2022
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants...
Critical
Unreviewed
CVE-2017-12739
was published
May 13, 2022
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic...
Critical
Unreviewed
CVE-2018-0130
was published
May 13, 2022
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify...
High
Unreviewed
CVE-2018-10605
was published
May 13, 2022
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that...
High
Unreviewed
CVE-2018-1524
was published
May 13, 2022
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used...
Moderate
Unreviewed
CVE-2018-3825
was published
May 13, 2022
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability...
Critical
Unreviewed
CVE-2017-8021
was published
May 13, 2022
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change...
Critical
Unreviewed
CVE-2019-3909
was published
May 13, 2022
In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings...
High
Unreviewed
CVE-2019-1994
was published
May 13, 2022
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a...
Critical
Unreviewed
CVE-2018-19275
was published
May 13, 2022
eVisitorPass contains default administrative credentials. An attacker could exploit this...
High
Unreviewed
CVE-2018-17497
was published
May 13, 2022
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this...
High
Unreviewed
CVE-2018-17485
was published
May 13, 2022
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker...
High
Unreviewed
CVE-2018-0263
was published
May 13, 2022
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store...
High
Unreviewed
CVE-2019-3783
was published
May 13, 2022
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running...
Critical
Unreviewed
CVE-2017-3834
was published
May 13, 2022
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in...
Critical
Unreviewed
CVE-2017-5178
was published
May 13, 2022
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a...
Moderate
Unreviewed
CVE-2018-10989
was published
May 13, 2022
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default...
Critical
Unreviewed
CVE-2022-24706
was published
Apr 27, 2022
makepasswd 1.10 default settings generate insecure passwords
Moderate
Unreviewed
CVE-2010-2247
was published
Apr 21, 2022
In miniadb, there is a possible way to get read/write access to recovery system properties due to...
High
Unreviewed
CVE-2021-39767
was published
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API