GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
340 advisories
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems...
Critical
Unreviewed
CVE-2020-35468 was published May 24, 2022
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user....
Critical
Unreviewed
CVE-2020-35186 was published May 24, 2022
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password...
Critical
Unreviewed
CVE-2020-35185 was published May 24, 2022
The official composer docker images before 1.8.3 contain a blank password for a root user. System...
Critical
Unreviewed
CVE-2020-35184 was published May 24, 2022
The official chronograf docker images before 1.7.7-alpine (Alpine specific) contain a blank...
Critical
Unreviewed
CVE-2020-35188 was published May 24, 2022
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific)...
Critical
Unreviewed
CVE-2020-35196 was published May 24, 2022
The official vault docker images before 0.11.6 contain a blank password for a root user. System...
Critical
Unreviewed
CVE-2020-35192 was published May 24, 2022
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank...
Critical
Unreviewed
CVE-2020-35191 was published May 24, 2022
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank...
Critical
Unreviewed
CVE-2020-35187 was published May 24, 2022
The official influxdb docker images before 1.7.3-meta-alpine (Alpine specific) contain a blank...
Critical
Unreviewed
CVE-2020-35194 was published May 24, 2022
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a...
Critical
Unreviewed
CVE-2020-35190 was published May 24, 2022
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password...
Critical
Unreviewed
CVE-2020-35189 was published May 24, 2022
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank...
Critical
Unreviewed
CVE-2020-35195 was published May 24, 2022
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank...
Critical
Unreviewed
CVE-2020-35197 was published May 24, 2022
An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is...
Critical
Unreviewed
CVE-2020-29551 was published May 24, 2022
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be...
Critical
Unreviewed
CVE-2020-27285 was published May 24, 2022
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to...
Critical
Unreviewed
CVE-2021-22850 was published May 24, 2022
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for...
Critical
Unreviewed
CVE-2020-4958 was published May 24, 2022
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All...
Critical
Unreviewed
CVE-2020-15798 was published May 24, 2022
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing...
Critical
Unreviewed
CVE-2021-22652 was published May 24, 2022
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated,...
Critical
Unreviewed
CVE-2021-1393 was published May 24, 2022
An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive...
Critical
Unreviewed
CVE-2021-26705 was published May 24, 2022
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication,...
Critical
Unreviewed
CVE-2020-28899 was published May 24, 2022
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication...
Critical
Unreviewed
CVE-2020-25218 was published May 24, 2022
Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier...
Critical
Unreviewed
CVE-2021-20697 was published May 24, 2022