GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
310 advisories
Filter by severity
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated...
High
Unreviewed
CVE-2014-5406
was published
May 17, 2022
** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in...
High
Unreviewed
CVE-2015-2908
was published
May 17, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity...
Moderate
Unreviewed
CVE-2015-8254
was published
May 17, 2022
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates...
High
Unreviewed
CVE-2016-2346
was published
May 17, 2022
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass...
High
Unreviewed
CVE-2016-3983
was published
May 17, 2022
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and...
High
Unreviewed
CVE-2014-4936
was published
May 17, 2022
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom...
High
Unreviewed
CVE-2022-30269
was published
Jul 27, 2022
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to...
High
Unreviewed
CVE-2016-2309
was published
May 17, 2022
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the...
Critical
Unreviewed
CVE-2022-29958
was published
Jul 27, 2022
The recovery module has a vulnerability of bypassing the verification of an update package before...
High
Unreviewed
CVE-2022-37008
was published
Aug 11, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause...
High
Unreviewed
CVE-2022-34763
was published
Jul 14, 2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated...
Moderate
Unreviewed
CVE-2022-31598
was published
Jul 13, 2022
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML...
High
Unreviewed
CVE-2015-5236
was published
Jul 8, 2022
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS...
Critical
Unreviewed
CVE-2022-31800
was published
Jun 22, 2022
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS...
Critical
Unreviewed
CVE-2022-31801
was published
Jun 22, 2022
Configuration and database backup archives are not signed or validated in Trend Micro Deep...
High
Unreviewed
CVE-2017-11379
was published
May 17, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The...
High
Unreviewed
CVE-2022-32252
was published
Jun 15, 2022
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft...
Critical
Unreviewed
CVE-2021-26608
was published
May 24, 2022
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary...
Critical
Unreviewed
CVE-2020-24672
was published
May 24, 2022
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server...
Critical
Unreviewed
CVE-2022-31813
was published
Jun 10, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity...
Moderate
Unreviewed
CVE-2022-28385
was published
Jun 9, 2022
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker...
High
Unreviewed
CVE-2021-31228
was published
May 24, 2022
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to...
Critical
Unreviewed
CVE-2021-33885
was published
May 24, 2022
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated,...
High
Unreviewed
CVE-2021-1403
was published
May 24, 2022
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote...
High
Unreviewed
CVE-2021-21231
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API