GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,704
Composer 4,237
Erlang 31
GitHub Actions 20
Go 2,000
Maven 5,183
npm 3,711
NuGet 661
pip 3,383
Pub 11
RubyGems 885
Rust 849
Swift 36

Unreviewed advisories

All unreviewed 235,477

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

119 advisories

Filter by severity

Sort by

Least recently updated

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master... Critical Unreviewed

CVE-2021-43685 was published Dec 2, 2021

A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and... Moderate Unreviewed

CVE-2021-36190 was published Dec 9, 2021

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary... Critical Unreviewed

CVE-2021-20042 was published Dec 9, 2021

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path... Critical Unreviewed

CVE-2021-44041 was published Dec 15, 2021

In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to... High Unreviewed

CVE-2021-1003 was published Dec 16, 2021

Password vault has a External Control of System or Configuration Setting vulnerability.Successful... High Unreviewed

CVE-2021-39971 was published Jan 4, 2022

Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful... Moderate Unreviewed

CVE-2021-37112 was published Jan 4, 2022

ws-scrcpy is vulnerable to External Control of File Name or Path High Unreviewed

CVE-2021-3845 was published Jan 5, 2022

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due... High Unreviewed

CVE-2021-39626 was published Jan 15, 2022

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to... High Unreviewed

CVE-2021-1035 was published Jan 15, 2022

In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a... High Unreviewed

CVE-2021-39663 was published Feb 12, 2022

In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused... High Unreviewed

CVE-2021-39668 was published Feb 12, 2022

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed

CVE-2022-0377 was published Mar 1, 2022

In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call... High Unreviewed

CVE-2021-39707 was published Mar 17, 2022

In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to... High Unreviewed

CVE-2021-39703 was published Mar 17, 2022

In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could... High Unreviewed

CVE-2021-39787 was published Mar 31, 2022

In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to... Moderate Unreviewed

CVE-2021-39765 was published Mar 31, 2022

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified... High Unreviewed

CVE-2022-20789 was published Apr 22, 2022

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below,... High Unreviewed

CVE-2021-43066 was published May 12, 2022

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,... Moderate Unreviewed

CVE-2017-0211 was published May 13, 2022

The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be... Moderate Unreviewed

CVE-2017-15269 was published May 13, 2022

Manually dragging and dropping an Outlook email message into the browser will trigger a page... Moderate Unreviewed

CVE-2018-12381 was published May 13, 2022

In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the... High Unreviewed

CVE-2018-9582 was published May 13, 2022

In the Activity Manager service, there is a possible information disclosure due to a confused... Low Unreviewed

CVE-2019-9292 was published May 24, 2022

In AOSP Email, there is a possible information disclosure due to a confused deputy. This could... Low Unreviewed

CVE-2019-9440 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

119 advisories