Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

441 advisories

Loading
The official composer docker images before 1.8.3 contain a blank password for a root user. System... Critical Unreviewed
CVE-2020-35184 was published May 24, 2022
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific)... Critical Unreviewed
CVE-2020-35196 was published May 24, 2022
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank... Critical Unreviewed
CVE-2020-35191 was published May 24, 2022
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank... Critical Unreviewed
CVE-2020-35187 was published May 24, 2022
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for... Critical Unreviewed
CVE-2020-35193 was published May 24, 2022
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user... Critical Unreviewed
CVE-2020-35463 was published May 24, 2022
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems... Critical Unreviewed
CVE-2020-35468 was published May 24, 2022
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an... Critical Unreviewed
CVE-2020-12505 was published May 24, 2022
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows... Critical Unreviewed
CVE-2020-15851 was published May 24, 2022
It is possible to enumerate access card credentials via an unauthenticated network connection to... Critical Unreviewed
CVE-2020-16098 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12500 was published May 24, 2022
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an... Critical Unreviewed
CVE-2020-12506 was published May 24, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the... Critical Unreviewed
CVE-2022-44001 was published Nov 18, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-35865 was published Aug 4, 2022
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows... Critical Unreviewed
CVE-2019-13547 was published May 24, 2022
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be... Critical Unreviewed
CVE-2019-13101 was published May 24, 2022
A vulnerability has been identified in LOGO!8 BM (All versions). Attackers with access to port... Critical Unreviewed
CVE-2019-10919 was published May 24, 2022
An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V ... Critical Unreviewed
CVE-2019-12288 was published May 24, 2022
The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO... Critical Unreviewed
CVE-2019-8993 was published May 24, 2022
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580,... Critical Unreviewed
CVE-2019-6808 was published May 24, 2022
Multiple W&T products of the ComServer Series are prone to an authentication bypass. An... Critical Unreviewed
CVE-2022-42785 was published Nov 16, 2022
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It... Critical Unreviewed
CVE-2022-29952 was published Jul 27, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing... Critical Unreviewed
CVE-2022-22526 was published Sep 29, 2022
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of... Critical Unreviewed
CVE-2017-5162 was published May 17, 2022
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker... Critical Unreviewed
CVE-2022-20858 was published Jul 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database