GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,614
Maven: 5,000+
npm: 4,254
NuGet: 760
pip: 4,032
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

140 advisories
                    
Insecure Default Configuration in tesseract.js
Moderate
GHSA-83rx-c8cr-6j8q was published for tesseract.js (npm) Jun 5, 2019
                    
High severity vulnerability that affects generator-jhipster
High
GHSA-mc84-xr9p-938r was published for generator-jhipster (npm) Sep 23, 2019
                    
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere, and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240 was published for org.eclipse.hawkbit:hawkbit-autoconfigure (Maven) Apr 15, 2019
                    
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts...
High, Unreviewed
CVE-2022-25485 was published Mar 16, 2022
                    
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020
                    
An attacker with the ability to modify a user program may change user program code on some...
Critical, Unreviewed
CVE-2022-1161 was published Apr 12, 2022
                    
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by...
High, Unreviewed
CVE-2018-12120 was published May 13, 2022
                    
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,...
Moderate, Unreviewed
CVE-2021-29113 was published Dec 8, 2021
                    
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated...
High, Unreviewed
CVE-2022-30244 was published Jul 16, 2022
                    
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from...
High, Unreviewed
CVE-2022-30243 was published Jul 16, 2022
                    
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64...
High, Unreviewed
CVE-2022-33317 was published Jul 21, 2022
                    
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the...
High, Unreviewed
CVE-2022-34121 was published Jul 28, 2022
                    
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user...
Moderate, Unreviewed
CVE-2022-37191 was published Sep 14, 2022
                    
If an image had not loaded correctly (such as when it is not actually an image), it could be...
Moderate, Unreviewed
CVE-2019-17014 was published May 24, 2022
                    
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated...
Critical, Unreviewed
CVE-2022-24119 was published Dec 26, 2022
                    
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library)...
High, Unreviewed
CVE-2021-20443 was published May 24, 2022
                    
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in...
Critical, Unreviewed
CVE-2020-4561 was published May 24, 2022
                    
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212...
High, Unreviewed
CVE-2021-30507 was published May 24, 2022
                    
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate, Unreviewed
CVE-2021-31927 was published May 24, 2022
                    
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
Moderate, Unreviewed
CVE-2021-29777 was published May 24, 2022
                    
Local file inclusion exists in Kaseya VSA before 9.5.6.
High, Unreviewed
CVE-2021-30121 was published May 24, 2022
                    
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged...
High, Unreviewed
CVE-2021-34692 was published May 24, 2022
                    
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of...
Critical, Unreviewed
CVE-2021-21804 was published May 24, 2022
                    
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared...
High, Unreviewed
CVE-2021-34398 was published May 24, 2022
                    
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the...
High, Unreviewed
CVE-2021-38360 was published May 24, 2022
        
ProTip! Advisories are also available from the GraphQL API.