Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

251 advisories

Loading
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow... High Unreviewed
CVE-2021-26098 was published May 24, 2022
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7... Moderate Unreviewed
CVE-2021-27499 was published May 24, 2022
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and... Moderate Unreviewed
CVE-2021-23020 was published May 24, 2022
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing... Moderate Unreviewed
CVE-2021-26909 was published May 24, 2022
A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions... Moderate Unreviewed
CVE-2021-27393 was published May 24, 2022
A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All... Moderate Unreviewed
CVE-2021-25677 was published May 24, 2022
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote... Moderate Unreviewed
CVE-2021-25375 was published May 24, 2022
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms... Moderate Unreviewed
CVE-2021-3446 was published May 24, 2022
In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of... Moderate Unreviewed
CVE-2021-0375 was published May 24, 2022
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password... High Unreviewed
CVE-2020-13860 was published May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol... High Unreviewed
CVE-2020-27264 was published May 24, 2022
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface... Moderate Unreviewed
CVE-2020-17470 was published May 24, 2022
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute... Moderate Unreviewed
CVE-2020-15023 was published May 24, 2022
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and... Critical Unreviewed
CVE-2020-7548 was published May 24, 2022
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that... Critical Unreviewed
CVE-2020-25705 was published May 24, 2022
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon... High Unreviewed
CVE-2020-1472 was published May 24, 2022
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain... Moderate Unreviewed
CVE-2020-16166 was published May 24, 2022
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the... Moderate Unreviewed
CVE-2020-10274 was published May 24, 2022
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of... Moderate Unreviewed
CVE-2020-13817 was published May 24, 2022
React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might... Moderate Unreviewed
CVE-2020-12270 was published May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector... High Unreviewed
CVE-2020-11877 was published May 24, 2022
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2... Moderate Unreviewed
CVE-2020-1759 was published May 24, 2022
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier... Low Unreviewed
CVE-2020-8631 was published May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of... Moderate Unreviewed
CVE-2018-19441 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database