GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
46 advisories
Filter by severity
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised...
High
Unreviewed
CVE-2020-36517
was published
Mar 11, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker...
High
Unreviewed
CVE-2021-20049
was published
Dec 24, 2021
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2...
High
Unreviewed
CVE-2021-38562
was published
May 24, 2022
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for...
High
Unreviewed
CVE-2022-4499
was published
Jan 11, 2023
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ...
High
Unreviewed
CVE-2022-20866
was published
Aug 11, 2022
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 &...
High
Unreviewed
CVE-2021-22892
was published
May 24, 2022
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is ...
High
Unreviewed
CVE-2022-48251
was published
Jan 10, 2023
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous...
High
Unreviewed
CVE-2019-9815
was published
May 24, 2022
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can...
High
Unreviewed
CVE-2021-34575
was published
May 24, 2022
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks...
High
Unreviewed
CVE-2021-33560
was published
May 24, 2022
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users...
High
Unreviewed
CVE-2021-34580
was published
May 24, 2022
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to...
High
Unreviewed
CVE-2022-37459
was published
Aug 18, 2022
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU...
High
Unreviewed
CVE-2021-46778
was published
Aug 11, 2022
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2),...
High
Unreviewed
CVE-2017-6168
was published
May 13, 2022
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys...
High
Unreviewed
CVE-2016-6489
was published
May 13, 2022
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
High
Unreviewed
CVE-2019-10233
was published
May 13, 2022
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow...
High
Unreviewed
CVE-2019-6602
was published
May 13, 2022
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected...
High
Unreviewed
CVE-2013-10006
was published
Jan 1, 2023
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
High
Unreviewed
CVE-2021-42016
was published
Mar 9, 2022
An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response...
High
Unreviewed
CVE-2023-26071
was published
Mar 28, 2023
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation...
High
Unreviewed
CVE-2022-3907
was published
Dec 5, 2022
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS....
High
Unreviewed
CVE-2023-0361
was published
Feb 15, 2023
In Package Installer, there is a possible way to determine whether an app is installed, without...
High
Unreviewed
CVE-2023-21324
was published
Oct 30, 2023
In InputMethod, there is a possible way to determine whether an app is installed, without query...
High
Unreviewed
CVE-2023-21337
was published
Oct 30, 2023
In Slice, there is a possible disclosure of installed applications due to side channel...
High
Unreviewed
CVE-2023-21298
was published
Oct 30, 2023
ProTip!
Advisories are also available from the
GraphQL API