GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
120 advisories
Filter by severity
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue...
Moderate
Unreviewed
CVE-2022-22594
was published
Mar 19, 2022
Kirby .dev domains and some reverse proxy setups were treated as local
Moderate
CVE-2020-26253
was published
for
getkirby/cms
(Composer)
Jan 14, 2021
The authentication mechanism used by voters to activate a voting session on the tested version of...
Moderate
Unreviewed
CVE-2022-1747
was published
Jun 25, 2022
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),...
Moderate
Unreviewed
CVE-2022-30228
was published
Jun 15, 2022
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote...
Moderate
Unreviewed
CVE-2022-1497
was published
Jul 27, 2022
Zip4j Origin Validation Error
Moderate
CVE-2023-22899
was published
for
net.lingala.zip4j:zip4j
(Maven)
Jan 10, 2023
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with...
Moderate
Unreviewed
CVE-2019-8282
was published
May 24, 2022
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote...
Moderate
Unreviewed
CVE-2019-5834
was published
May 24, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross...
Moderate
Unreviewed
CVE-2022-41294
was published
Oct 6, 2022
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block...
Moderate
Unreviewed
CVE-2020-11868
was published
May 24, 2022
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently...
Moderate
Unreviewed
CVE-2021-38507
was published
Dec 9, 2021
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches...
Moderate
Unreviewed
CVE-2021-1231
was published
May 24, 2022
When a link to an external protocol was clicked, a prompt was presented that allowed the user to...
Moderate
Unreviewed
CVE-2020-15682
was published
May 24, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
Moderate
Unreviewed
CVE-2019-8754
was published
May 24, 2022
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a...
Moderate
Unreviewed
CVE-2021-21183
was published
May 24, 2022
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a...
Moderate
Unreviewed
CVE-2021-21135
was published
May 24, 2022
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96...
Moderate
Unreviewed
CVE-2021-21136
was published
May 24, 2022
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus...
Moderate
Unreviewed
CVE-2020-15733
was published
May 24, 2022
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a...
Moderate
Unreviewed
CVE-2021-21175
was published
May 24, 2022
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed...
Moderate
Unreviewed
CVE-2021-21163
was published
May 24, 2022
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72...
Moderate
Unreviewed
CVE-2021-21164
was published
May 24, 2022
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a...
Moderate
Unreviewed
CVE-2021-21184
was published
May 24, 2022
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS...
Moderate
Unreviewed
CVE-2021-28048
was published
May 24, 2022
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a...
Moderate
Unreviewed
CVE-2021-21229
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API