Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

98 advisories

Loading
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit High
CVE-2019-10240 was published for org.eclipse.hawkbit:hawkbit-autoconfigure (Maven) Apr 15, 2019
High severity vulnerability that affects generator-jhipster High
GHSA-mc84-xr9p-938r was published for generator-jhipster (npm) Sep 23, 2019
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote... Critical Unreviewed
CVE-2020-7883 was published Dec 29, 2021
A download of code without integrity check vulnerability in the "execute restore src-vis" command... High Unreviewed
CVE-2021-44168 was published Jan 5, 2022
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability... High Unreviewed
CVE-2022-24644 was published Mar 11, 2022
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download... High Unreviewed
CVE-2001-1125 was published Apr 30, 2022
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications... High Unreviewed
CVE-2002-0671 was published Apr 30, 2022
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of... High Unreviewed
CVE-2008-3324 was published May 1, 2022
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the... High Unreviewed
CVE-2008-3438 was published May 2, 2022
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to... High Unreviewed
CVE-2018-4009 was published May 13, 2022
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows... High Unreviewed
CVE-2018-19234 was published May 13, 2022
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of... High Unreviewed
CVE-2017-13083 was published May 13, 2022
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12306 was published May 13, 2022
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in... High Unreviewed
CVE-2017-2707 was published May 13, 2022
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred... Low Unreviewed
CVE-2017-2739 was published May 13, 2022
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC... High Unreviewed
CVE-2018-13012 was published May 13, 2022
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room... High Unreviewed
CVE-2022-22786 was published May 19, 2022
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check... High Unreviewed
CVE-2022-28944 was published May 24, 2022
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading... Moderate Unreviewed
CVE-2021-41714 was published May 24, 2022
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS High
CVE-2019-10248 was published for org.eclipse.vorto:org.eclipse.vorto.core (Maven) May 24, 2022
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an... Critical Unreviewed
CVE-2019-3801 was published May 24, 2022
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and... Critical Unreviewed
CVE-2018-5409 was published May 24, 2022
Incorrect Resource Transfer Between Spheres in Grails High
CVE-2019-12728 was published for org.grails:grails-core (Maven) May 24, 2022
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its... High Unreviewed
CVE-2019-7229 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database