GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
21,541 advisories

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific)...
Critical | Unreviewed | CVE-2020-35196 was published May 24, 2022

The official influxdb docker images before 1.7.3-meta-alpine (Alpine specific) contain a blank...
Critical | Unreviewed | CVE-2020-35194 was published May 24, 2022

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user....
Critical | Unreviewed | CVE-2020-35186 was published May 24, 2022

LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can...
Critical | Unreviewed | CVE-2020-25094 was published May 24, 2022

The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password...
Critical | Unreviewed | CVE-2020-35185 was published May 24, 2022

The official composer docker images before 1.8.3 contain a blank password for a root user. System...
Critical | Unreviewed | CVE-2020-35184 was published May 24, 2022

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable...
Critical | Unreviewed | CVE-2020-25010 was published May 24, 2022

A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail...
Critical | Unreviewed | CVE-2020-25011 was published May 24, 2022

jsonpickle unsafe deserialization
Critical | CVE-2020-22083 was published for jsonpickle (pip) May 24, 2022

The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems...
Critical | Unreviewed | CVE-2020-35468 was published May 24, 2022

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user...
Critical | Unreviewed | CVE-2020-35463 was published May 24, 2022

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user....
Critical | Unreviewed | CVE-2020-35467 was published May 24, 2022

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root...
Critical | Unreviewed | CVE-2020-35469 was published May 24, 2022

The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for...
Critical | Unreviewed | CVE-2020-35465 was published May 24, 2022

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user....
Critical | Unreviewed | CVE-2020-35462 was published May 24, 2022

The official sonarqube docker images before alpine (Alpine specific) contain a blank password for...
Critical | Unreviewed | CVE-2020-35193 was published May 24, 2022

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user....
Critical | Unreviewed | CVE-2020-35464 was published May 24, 2022

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user....
Critical | Unreviewed | CVE-2020-35466 was published May 24, 2022

Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11)...
Critical | Unreviewed | CVE-2020-28929 was published May 24, 2022

AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web...
Critical | Unreviewed | CVE-2019-14482 was published May 24, 2022

AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web...
Critical | Unreviewed | CVE-2019-14480 was published May 24, 2022

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to...
Critical | Unreviewed | CVE-2020-4747 was published May 24, 2022

There is a possible out of bounds write due to a missing bounds check. Product: Android Versions:...
Critical | Unreviewed | CVE-2020-0456 was published May 24, 2022

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions...
Critical | Unreviewed | CVE-2020-8257 was published May 24, 2022

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute...
Critical | Unreviewed | CVE-2020-35378 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.