Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

263 advisories

Loading
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka... Moderate Unreviewed
CVE-2018-8278 was published May 13, 2022
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails... Moderate Unreviewed
CVE-2018-8153 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a... Moderate Unreviewed
CVE-2018-1695 was published May 13, 2022
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2... High Unreviewed
CVE-2018-12331 was published May 13, 2022
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding High
CVE-2018-7160 was published for node-inspector (npm) May 13, 2022 withdrawn
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler... Critical Unreviewed
CVE-2017-14375 was published May 13, 2022
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney... Moderate Unreviewed
CVE-2017-12095 was published May 13, 2022
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted... Moderate Unreviewed
CVE-2017-12096 was published May 13, 2022
Windows LSA Spoofing Vulnerability. High Unreviewed
CVE-2022-26925 was published May 11, 2022
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of... High Unreviewed
CVE-2022-25989 was published May 6, 2022
Cache Poisoning issue exists in DNS Response Rate Limiting. Moderate Unreviewed
CVE-2013-5661 was published May 5, 2022
The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820... High Unreviewed
CVE-2009-1048 was published May 2, 2022
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6... Moderate Unreviewed
CVE-2019-10875 was published Apr 30, 2022
NextAuth.js default redirect callback vulnerable to open redirects Moderate
CVE-2022-24858 was published for next-auth (npm) Apr 22, 2022
rustyguts
Skype for Business and Lync Spoofing Vulnerability. Moderate Unreviewed
CVE-2022-26910 was published Apr 16, 2022
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server... High Unreviewed
CVE-2022-26505 was published Mar 7, 2022
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of... Critical Unreviewed
CVE-2022-24112 was published Feb 12, 2022
SAML authentication vulnerability due to stdlib XML parsing High
CVE-2020-26276 was published for github.com/fleetdm/fleet/v4 (Go) Feb 11, 2022
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. Low Unreviewed
CVE-2021-42320 was published Feb 11, 2022
Authentication Bypass in Apache Cassandra High
CVE-2020-17516 was published for org.apache.cassandra:cassandra-all (Maven) Feb 9, 2022
In the case of instances where the SAML SSO authentication is enabled (non-default), session data... Critical Unreviewed
CVE-2022-23131 was published Jan 14, 2022
GitLab auth uses full name instead of username as user ID, allowing impersonation Critical
CVE-2020-5415 was published for github.com/concourse/concourse (Go) Dec 20, 2021
gdetrez
Authentication Bypass in dex Critical
CVE-2020-27847 was published for github.com/dexidp/dex (Go) Dec 20, 2021
Windows AppX Installer Spoofing Vulnerability High Unreviewed
CVE-2021-43890 was published Dec 16, 2021
HTTP Method Spoofing High
CVE-2021-43807 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
lkiesow
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database