GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
885 advisories
Filter by severity
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with...
High
Unreviewed
CVE-2022-42276
was published
Jan 13, 2023
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private...
High
Unreviewed
CVE-2022-46463
was published
Jan 13, 2023
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any...
High
Unreviewed
CVE-2022-24396
was published
Mar 11, 2022
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune...
High
Unreviewed
CVE-2021-33658
was published
Mar 12, 2022
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows...
Critical
Unreviewed
CVE-2022-25251
was published
Mar 17, 2022
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows...
High
Unreviewed
CVE-2022-25250
was published
Mar 17, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an...
Critical
Unreviewed
CVE-2022-25247
was published
Mar 17, 2022
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13,...
Moderate
Unreviewed
CVE-2021-44261
was published
Mar 18, 2022
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6...
High
Unreviewed
CVE-2021-44260
was published
Mar 18, 2022
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6...
Critical
Unreviewed
CVE-2021-44259
was published
Mar 18, 2022
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which...
High
Unreviewed
CVE-2021-44262
was published
Mar 18, 2022
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check....
Moderate
Unreviewed
CVE-2021-1011
was published
Dec 16, 2021
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an...
High
Unreviewed
CVE-2022-25008
was published
Apr 1, 2022
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not...
Moderate
Unreviewed
CVE-2021-46006
was published
Apr 1, 2022
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without...
Critical
Unreviewed
CVE-2021-46009
was published
Apr 1, 2022
Sensitive information can be obtained through the handling of serialized data. The issue results...
Moderate
Unreviewed
CVE-2020-14479
was published
Apr 3, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for...
Critical
Unreviewed
CVE-2021-33008
was published
Apr 5, 2022
The software does not perform any authentication for critical system functionality.
Moderate
Unreviewed
CVE-2022-0922
was published
Apr 3, 2022
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing...
High
Unreviewed
CVE-2020-27376
was published
Apr 8, 2022
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging....
Moderate
Unreviewed
CVE-2022-0878
was published
Apr 13, 2022
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials....
Moderate
Unreviewed
CVE-2020-25634
was published
May 24, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical
Unreviewed
CVE-2021-28506
was published
Jan 15, 2022
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not...
Critical
Unreviewed
CVE-2022-28660
was published
May 21, 2022
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This...
Moderate
Unreviewed
CVE-2022-26394
was published
Sep 10, 2022
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior...
High
Unreviewed
CVE-2021-25094
was published
Apr 26, 2022
ProTip!
Advisories are also available from the
GraphQL API