Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,541 advisories

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific)... Critical Unreviewed
CVE-2020-35196 was published May 24, 2022
The official influxdb docker images before 1.7.3-meta-alpine (Alpine specific) contain a blank... Critical Unreviewed
CVE-2020-35194 was published May 24, 2022
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user.... Critical Unreviewed
CVE-2020-35186 was published May 24, 2022
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can... Critical Unreviewed
CVE-2020-25094 was published May 24, 2022
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password... Critical Unreviewed
CVE-2020-35185 was published May 24, 2022
The official composer docker images before 1.8.3 contain a blank password for a root user. System... Critical Unreviewed
CVE-2020-35184 was published May 24, 2022
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable... Critical Unreviewed
CVE-2020-25010 was published May 24, 2022
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail... Critical Unreviewed
CVE-2020-25011 was published May 24, 2022
jsonpickle unsafe deserialization Critical
CVE-2020-22083 was published for jsonpickle (pip) May 24, 2022
rtfpessoa
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems... Critical Unreviewed
CVE-2020-35468 was published May 24, 2022
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user... Critical Unreviewed
CVE-2020-35463 was published May 24, 2022
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35467 was published May 24, 2022
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root... Critical Unreviewed
CVE-2020-35469 was published May 24, 2022
The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for... Critical Unreviewed
CVE-2020-35465 was published May 24, 2022
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35462 was published May 24, 2022
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for... Critical Unreviewed
CVE-2020-35193 was published May 24, 2022
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35464 was published May 24, 2022
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35466 was published May 24, 2022
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11)... Critical Unreviewed
CVE-2020-28929 was published May 24, 2022
AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web... Critical Unreviewed
CVE-2019-14482 was published May 24, 2022
AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web... Critical Unreviewed
CVE-2019-14480 was published May 24, 2022
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to... Critical Unreviewed
CVE-2020-4747 was published May 24, 2022
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions:... Critical Unreviewed
CVE-2020-0456 was published May 24, 2022
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions... Critical Unreviewed
CVE-2020-8257 was published May 24, 2022
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute... Critical Unreviewed
CVE-2020-35378 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API