Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

441 advisories

Loading
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any... Critical Unreviewed
CVE-2019-15064 was published May 24, 2022
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows... Critical Unreviewed
CVE-2019-13547 was published May 24, 2022
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow... Critical Unreviewed
CVE-2019-18465 was published May 24, 2022
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and... Critical Unreviewed
CVE-2019-5644 was published May 24, 2022
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR... Critical Unreviewed
CVE-2019-18339 was published May 24, 2022
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication... Critical Unreviewed
CVE-2020-6207 was published May 24, 2022
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from... Critical Unreviewed
CVE-2020-6198 was published May 24, 2022
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to... Critical Unreviewed
CVE-2020-7115 was published May 24, 2022
DevSpace vulnerable to remote code execution Critical
CVE-2020-15391 was published for github.com/loft-sh/devspace (Go) May 24, 2022
It is possible to enumerate access card credentials via an unauthenticated network connection to... Critical Unreviewed
CVE-2020-16098 was published May 24, 2022
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows... Critical Unreviewed
CVE-2020-15851 was published May 24, 2022
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an... Critical Unreviewed
CVE-2020-12505 was published May 24, 2022
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an... Critical Unreviewed
CVE-2020-12506 was published May 24, 2022
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders... Critical Unreviewed
CVE-2020-24217 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12500 was published May 24, 2022
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an... Critical Unreviewed
CVE-2020-3531 was published May 24, 2022
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and... Critical Unreviewed
CVE-2020-7561 was published May 24, 2022
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user.... Critical Unreviewed
CVE-2020-29389 was published May 24, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on... Critical Unreviewed
CVE-2020-7540 was published May 24, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3).... Critical Unreviewed
CVE-2020-25228 was published May 24, 2022
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35466 was published May 24, 2022
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for... Critical Unreviewed
CVE-2020-35193 was published May 24, 2022
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35464 was published May 24, 2022
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user.... Critical Unreviewed
CVE-2020-35462 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database