Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data ... Critical Unreviewed
CVE-2018-18375 was published May 13, 2022
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies,... Critical Unreviewed
CVE-2018-16239 was published May 13, 2022
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10... Critical Unreviewed
CVE-2017-16924 was published May 13, 2022
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen... Critical Unreviewed
CVE-2017-7902 was published May 13, 2022
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that... Critical Unreviewed
CVE-2018-17888 was published May 13, 2022
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well... Critical Unreviewed
CVE-2019-0007 was published May 13, 2022
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary... Critical Unreviewed
CVE-2018-18602 was published May 13, 2022
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Critical Unreviewed
CVE-2019-9898 was published May 13, 2022
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric... Critical Unreviewed
CVE-2019-0729 was published May 13, 2022
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm... Critical Unreviewed
CVE-2019-9863 was published May 13, 2022
Predictable password in Keycloak Critical
CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs... Critical Unreviewed
CVE-2017-6026 was published May 13, 2022
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are... Critical Unreviewed
CVE-2021-34646 was published May 24, 2022
DNS NuGet package uses insufficiently random values Critical
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers ... Critical Unreviewed
CVE-2020-35685 was published May 24, 2022
Cryptographically weak PRNG in `utils.generateUUID` Critical
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and... Critical Unreviewed
CVE-2020-7548 was published May 24, 2022
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict... Critical Unreviewed
CVE-2022-30935 was published Sep 29, 2022
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that... Critical Unreviewed
CVE-2020-25705 was published May 24, 2022
otp-generator before v3.0.0 insecurely generates random one-time passwords Critical
CVE-2021-23451 was published for otp-generator (npm) Jul 26, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, ... Critical Unreviewed
CVE-2020-35163 was published Jul 12, 2022
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT ... Critical Unreviewed
CVE-2022-26647 was published Jul 13, 2022
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the... Critical Unreviewed
CVE-2021-20322 was published Feb 19, 2022
Multiple W&T products of the Comserver Series use a small number space for allocating sessions... Critical Unreviewed
CVE-2022-42787 was published Nov 10, 2022
Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup... Critical Unreviewed
CVE-2019-7667 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database