Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in... High Unreviewed
CVE-2024-25972 was published Mar 1, 2024
Firefox normally asks for confirmation before asking the operating system to find an application... High Unreviewed
CVE-2024-8383 was published Sep 3, 2024
Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with... High Unreviewed
CVE-2019-25219 was published Oct 29, 2024
HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused... Moderate Unreviewed
CVE-2024-30124 was published Oct 23, 2024
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users... Moderate Unreviewed
CVE-2024-0387 was published Feb 26, 2024
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to... High Unreviewed
CVE-2024-34734 was published Aug 16, 2024
Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user... Moderate Unreviewed
CVE-2024-9949 was published Oct 23, 2024
Certain configuration available in the communication channel for encoders could expose sensitive... Moderate Unreviewed
CVE-2024-22388 was published Feb 7, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr High
CVE-2024-45217 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote... High Unreviewed
CVE-2024-47295 was published Oct 1, 2024
A condition exists in FlashArray Purity whereby a local account intended for initial array... Critical Unreviewed
CVE-2024-0001 was published Sep 23, 2024
there is a possible arbitrary read due to an insecure default value. This could lead to local... Moderate Unreviewed
CVE-2024-44096 was published Sep 13, 2024
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10... Moderate Unreviewed
CVE-2023-40708 was published Aug 24, 2023
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the... High Unreviewed
CVE-2024-6788 was published Aug 13, 2024
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote... Moderate Unreviewed
CVE-2024-5801 was published Aug 12, 2024
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Apache Isis webconsole module may directly query the database in prototype mode Moderate
CVE-2022-42467 was published for org.apache.isis.core:isis-core (Maven) Oct 19, 2022
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR... Critical Unreviewed
CVE-2024-31070 was published Jul 17, 2024
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4... Critical Unreviewed
CVE-2024-28815 was published Mar 27, 2024
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs... High Unreviewed
CVE-2019-20470 was published May 24, 2022
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params... Moderate Unreviewed
CVE-2020-11915 was published May 24, 2022
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context High
CVE-2024-32114 was published for org.apache.activemq:apache-activemq (Maven) May 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database