Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

98 advisories

Loading
there is a possible arbitrary read due to an insecure default value. This could lead to local... Moderate Unreviewed
CVE-2024-44096 was published Sep 13, 2024
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the... High Unreviewed
CVE-2024-6788 was published Aug 13, 2024
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote... Moderate Unreviewed
CVE-2024-5801 was published Aug 12, 2024
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR... Critical Unreviewed
CVE-2024-31070 was published Jul 17, 2024
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4... Critical Unreviewed
CVE-2024-28815 was published Mar 27, 2024
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4... Critical Unreviewed
CVE-2024-25610 was published Feb 20, 2024
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4... Moderate Unreviewed
CVE-2024-26267 was published Feb 20, 2024
The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed
CVE-2023-39169 was published Dec 7, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther... High Unreviewed
CVE-2023-27516 was published Oct 12, 2023
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances... Moderate Unreviewed
CVE-2023-5368 was published Oct 4, 2023
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10... Moderate Unreviewed
CVE-2023-40708 was published Aug 24, 2023
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by... High Unreviewed
CVE-2023-3453 was published Aug 24, 2023
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb... High Unreviewed
CVE-2023-35689 was published Aug 15, 2023
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200... High Unreviewed
CVE-2023-1618 was published May 19, 2023
An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved... Moderate Unreviewed
CVE-2023-28978 was published Apr 18, 2023
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. High Unreviewed
CVE-2022-48432 was published Mar 29, 2023
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could... High Unreviewed
CVE-2022-4224 was published Mar 23, 2023
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. Critical Unreviewed
CVE-2022-48342 was published Feb 23, 2023
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation... Moderate Unreviewed
CVE-2022-47194 was published Jan 19, 2023
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation... Moderate Unreviewed
CVE-2022-47196 was published Jan 19, 2023
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution... High Unreviewed
CVE-2022-2196 was published Jan 9, 2023
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to... Moderate Unreviewed
CVE-2022-20466 was published Dec 13, 2022
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve... High Unreviewed
CVE-2022-3262 was published Dec 8, 2022
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default... Moderate Unreviewed
CVE-2022-46831 was published Dec 8, 2022
ProTip! Advisories are also available from the GraphQL API