GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
84 advisories
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint...
Moderate | Unreviewed | CVE-2021-3485 was published May 24, 2022

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling...
Critical | Unreviewed | CVE-2024-45321 was published Aug 27, 2024

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the...
High | Unreviewed | CVE-2024-33118 was published May 6, 2024

Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files...
Critical | Unreviewed | CVE-2024-27438 was published Mar 21, 2024

A vulnerability allows attackers to download source code or an executable from a remote location...
Critical | Unreviewed | CVE-2023-41921 was published Jul 2, 2024

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
High | Unreviewed | CVE-2024-30206 was published May 14, 2024

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2023-39474 was published May 3, 2024

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes...
Critical | Unreviewed | CVE-2024-28878 was published Apr 12, 2024

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and...
Critical | Unreviewed | CVE-2018-5409 was published May 24, 2022

Synel Terminals - CWE-494: Download of Code Without Integrity Check
Critical | Unreviewed | CVE-2023-37220 was published Sep 3, 2023

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian...
Critical | Unreviewed | CVE-2023-40254 was published Aug 11, 2023

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with...
High | Unreviewed | CVE-2023-37864 was published Aug 9, 2023

A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0...
High | Unreviewed | CVE-2023-22635 was published Apr 11, 2023

An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message...
High | Unreviewed | CVE-2020-9759 was published May 24, 2022

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where...
High | Unreviewed | CVE-2019-3977 was published May 24, 2022

Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN...
High | Unreviewed | CVE-2019-13534 was published May 24, 2022

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that...
High | Unreviewed | CVE-2019-12809 was published May 24, 2022

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an...
Critical | Unreviewed | CVE-2019-3801 was published May 24, 2022

The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development...
High | Unreviewed | CVE-2019-9534 was published May 24, 2022

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the...
High | Unreviewed | CVE-2008-3438 was published May 2, 2022

An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows...
High | Unreviewed | CVE-2023-47353 was published Feb 6, 2024

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download...
High | Unreviewed | CVE-2001-1125 was published Apr 30, 2022

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications...
High | Unreviewed | CVE-2002-0671 was published Apr 30, 2022

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of...
High | Unreviewed | CVE-2008-3324 was published May 1, 2022

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to...
Moderate | Unreviewed | CVE-2020-1576 was published May 24, 2022