Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

120 advisories

Loading
Open Redirect in url-parse Critical
CVE-2018-3774 was published for url-parse (npm) Aug 13, 2018
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Forced Browsing in Twisted Moderate
CVE-2016-1000111 was published for twisted (pip) Apr 30, 2021
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated... High Unreviewed
CVE-2021-24831 was published Jan 4, 2022
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture... Moderate Unreviewed
CVE-2021-24046 was published Jan 15, 2022
Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022... Moderate Unreviewed
CVE-2022-24932 was published Mar 11, 2022
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure... Moderate Unreviewed
CVE-2022-24385 was published Mar 15, 2022
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as... High Unreviewed
CVE-2022-1077 was published Mar 30, 2022
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP... High Unreviewed
CVE-2022-27480 was published Apr 13, 2022
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export.... High Unreviewed
CVE-2021-34588 was published Apr 28, 2022
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system... High Unreviewed
CVE-2004-2144 was published Apr 29, 2022
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images... Moderate Unreviewed
CVE-2004-2257 was published Apr 29, 2022
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files... Moderate Unreviewed
CVE-2002-1798 was published Apr 30, 2022
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users... High Unreviewed
CVE-2005-1654 was published May 1, 2022
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to... High Unreviewed
CVE-2005-1668 was published May 1, 2022
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct... High Unreviewed
CVE-2005-1685 was published May 1, 2022
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct... Moderate Unreviewed
CVE-2005-1688 was published May 1, 2022
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive... Moderate Unreviewed
CVE-2005-1697 was published May 1, 2022
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct... Moderate Unreviewed
CVE-2005-1698 was published May 1, 2022
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as... High Unreviewed
CVE-2005-1827 was published May 1, 2022
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive... Moderate Unreviewed
CVE-2005-1892 was published May 1, 2022
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software... Moderate Unreviewed
CVE-2015-2873 was published May 13, 2022
Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the... Critical Unreviewed
CVE-2019-9552 was published May 13, 2022
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2... Critical Unreviewed
CVE-2017-14244 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database