GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
75 advisories
Filter by severity
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number...
High
Unreviewed
CVE-2021-44480
was published
Dec 2, 2021
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful...
High
Unreviewed
CVE-2021-37050
was published
Dec 9, 2021
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the...
High
Unreviewed
CVE-2021-37189
was published
Dec 11, 2021
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This...
High
Unreviewed
CVE-2021-40148
was published
Jan 5, 2022
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including...
High
Unreviewed
CVE-2020-9058
was published
Jan 11, 2022
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption,...
High
Unreviewed
CVE-2020-9057
was published
Jan 11, 2022
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its...
High
Unreviewed
CVE-2021-33020
was published
Apr 3, 2022
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to...
High
Unreviewed
CVE-2011-3355
was published
Apr 22, 2022
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone...
High
Unreviewed
CVE-2022-29945
was published
Apr 30, 2022
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted...
High
Unreviewed
CVE-2017-7729
was published
May 13, 2022
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were...
High
Unreviewed
CVE-2017-12817
was published
May 13, 2022
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by...
High
Unreviewed
CVE-2019-6518
was published
May 13, 2022
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or...
High
Unreviewed
CVE-2017-17763
was published
May 13, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2018-1683
was published
May 13, 2022
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for...
High
Unreviewed
CVE-2017-5251
was published
May 13, 2022
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a...
High
Unreviewed
CVE-2017-15397
was published
May 13, 2022
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other...
High
Unreviewed
CVE-2017-15581
was published
May 13, 2022
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a...
High
Unreviewed
CVE-2017-15609
was published
May 13, 2022
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud...
High
Unreviewed
CVE-2017-8221
was published
May 13, 2022
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17...
High
Unreviewed
CVE-2017-9604
was published
May 13, 2022
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer...
High
Unreviewed
CVE-2018-14607
was published
May 13, 2022
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level...
High
Unreviewed
CVE-2018-14608
was published
May 13, 2022
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This...
High
Unreviewed
CVE-2018-5162
was published
May 13, 2022
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext...
High
Unreviewed
CVE-2018-5261
was published
May 13, 2022
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the...
High
Unreviewed
CVE-2018-5481
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API