GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
56 advisories
Filter by severity
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call...
High
Unreviewed
CVE-2021-39707
was published
Mar 17, 2022
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to...
High
Unreviewed
CVE-2021-39703
was published
Mar 17, 2022
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could...
High
Unreviewed
CVE-2021-39787
was published
Mar 31, 2022
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified...
High
Unreviewed
CVE-2022-20789
was published
Apr 22, 2022
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name...
High
Unreviewed
CVE-2022-24241
was published
Jun 3, 2022
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to...
High
Unreviewed
CVE-2022-20223
was published
Jul 14, 2022
WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple...
High
Unreviewed
CVE-2016-0796
was published
Jul 29, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path
High
Unreviewed
CVE-2021-3845
was published
Jan 5, 2022
This external control of file name or path vulnerability allows remote attackers to access or...
High
Unreviewed
CVE-2019-7194
was published
May 24, 2022
This external control of file name or path vulnerability allows remote attackers to access or...
High
Unreviewed
CVE-2019-7195
was published
May 24, 2022
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs...
High
Unreviewed
CVE-2020-6105
was published
May 24, 2022
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to...
High
Unreviewed
CVE-2021-27183
was published
May 24, 2022
Externally controlled reference to a resource in another sphere in quarantine functionality in...
High
Unreviewed
CVE-2021-27648
was published
May 24, 2022
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non...
High
Unreviewed
CVE-2021-30245
was published
May 24, 2022
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to...
High
Unreviewed
CVE-2020-25161
was published
May 24, 2022
In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due...
High
Unreviewed
CVE-2021-0608
was published
May 24, 2022
In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a...
High
Unreviewed
CVE-2021-0536
was published
May 24, 2022
In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE...
High
Unreviewed
CVE-2021-0550
was published
May 24, 2022
A component of the HarmonyOS has a External Control of System or Configuration Setting...
High
Unreviewed
CVE-2021-22420
was published
May 24, 2022
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to...
High
Unreviewed
CVE-2021-32576
was published
May 24, 2022
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to...
High
Unreviewed
CVE-2021-32578
was published
May 24, 2022
In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to...
High
Unreviewed
CVE-2021-0591
was published
May 24, 2022
In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a...
High
Unreviewed
CVE-2021-0593
was published
May 24, 2022
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files...
High
Unreviewed
CVE-2021-0708
was published
May 24, 2022
In DreamServices, there is a possible way to launch arbitrary protected activities due to a...
High
Unreviewed
CVE-2022-20319
was published
Aug 13, 2022
ProTip!
Advisories are also available from the
GraphQL API