GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
71 advisories
Filter by severity
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL...
High
Unreviewed
CVE-2020-24772
was published
Mar 22, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source...
High
Unreviewed
CVE-2021-32985
was published
Apr 5, 2022
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking...
High
Unreviewed
CVE-2022-42927
was published
Dec 22, 2022
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality...
High
Unreviewed
CVE-2019-5036
was published
May 24, 2022
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same...
High
Unreviewed
CVE-2016-5168
was published
May 17, 2022
Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and...
High
Unreviewed
CVE-2022-23763
was published
Jun 29, 2022
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0...
High
Unreviewed
CVE-2016-8358
was published
May 17, 2022
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in...
High
Unreviewed
CVE-2018-6690
was published
May 13, 2022
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can...
High
Unreviewed
CVE-2022-25227
was published
May 21, 2022
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same...
High
Unreviewed
CVE-2019-8069
was published
May 24, 2022
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass...
High
Unreviewed
CVE-2019-8075
was published
May 24, 2022
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7...
High
Unreviewed
CVE-2020-3864
was published
May 24, 2022
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write...
High
Unreviewed
CVE-2021-27197
was published
May 24, 2022
ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the...
High
Unreviewed
CVE-2020-6881
was published
May 24, 2022
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the...
High
Unreviewed
CVE-2020-35556
was published
May 24, 2022
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused...
High
Unreviewed
CVE-2020-4881
was published
May 24, 2022
The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server ...
High
Unreviewed
CVE-2021-31718
was published
May 24, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
High
Unreviewed
CVE-2022-29818
was published
Apr 29, 2022
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.
High
Unreviewed
CVE-2021-39270
was published
May 24, 2022
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar...
High
Unreviewed
CVE-2020-27969
was published
May 24, 2022
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware...
High
Unreviewed
CVE-2018-3834
was published
May 13, 2022
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of...
High
Unreviewed
CVE-2018-4319
was published
May 13, 2022
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms...
High
Unreviewed
CVE-2019-7399
was published
May 13, 2022
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,...
High
Unreviewed
CVE-2014-1487
was published
May 13, 2022
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the...
High
Unreviewed
CVE-2011-2856
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API