GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,800
Erlang: 36
GitHub Actions: 29
Go: 2,380
Maven: 5,000+
npm: 4,005
NuGet: 720
pip: 3,805
Pub: 12
RubyGems: 927
Rust: 986
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
496 advisories
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive...
Moderate
Unreviewed
CVE-2022-40768 was published Sep 19, 2022
Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder,...
Moderate
Unreviewed
CVE-2022-36780 was published Sep 14, 2022
Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE...
Moderate
Unreviewed
CVE-2022-38006 was published Sep 14, 2022
Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE...
Moderate
Unreviewed
CVE-2022-35837 was published Sep 14, 2022
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an...
Moderate
Unreviewed
CVE-2022-22483 was published Sep 14, 2022
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote...
Moderate
Unreviewed
CVE-2022-38770 was published Sep 14, 2022
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to...
Moderate
Unreviewed
CVE-2022-36875 was published Sep 10, 2022
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response...
Moderate
Unreviewed
CVE-2022-37146 was published Sep 9, 2022
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user...
Moderate
Unreviewed
CVE-2022-38400 was published Sep 9, 2022
A vulnerability in the web-based management interface of AOS-CX could allow a remote...
Moderate
Unreviewed
CVE-2022-23690 was published Sep 7, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain...
Moderate
Unreviewed
CVE-2021-39045 was published Sep 2, 2022
A credentials leak was found in the OpenShift Container Platform. The private key for the...
Moderate
Unreviewed
CVE-2022-2403 was published Sep 2, 2022
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription...
Moderate
Unreviewed
CVE-2022-0852 was published Aug 29, 2022
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at...
Moderate
Unreviewed
CVE-2022-35235 was published Aug 24, 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0...
Moderate
Unreviewed
CVE-2022-31238 was published Aug 23, 2022
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a...
Moderate
Unreviewed
CVE-2022-25986 was published Aug 19, 2022
In Content, there is a possible way to learn gmail account name on the device due to a...
Moderate
Unreviewed
CVE-2022-20270 was published Aug 13, 2022
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79...
Moderate
Unreviewed
CVE-2022-2610 was published Aug 13, 2022
In USB Manager, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-0975 was published Aug 12, 2022
In Settings, there is a possible way to determine whether an app is installed without query...
Moderate
Unreviewed
CVE-2021-0734 was published Aug 12, 2022
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3...
Moderate
Unreviewed
CVE-2022-36829 was published Aug 6, 2022
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version...
Moderate
Unreviewed
CVE-2022-36830 was published Aug 6, 2022
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7...
Moderate
Unreviewed
CVE-2022-35716 was published Aug 2, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access...
Moderate
Unreviewed
CVE-2022-22334 was published Aug 2, 2022
The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the...
Moderate
Unreviewed
CVE-2022-2370 was published Aug 2, 2022
ProTip! Advisories are also available from the GraphQL API.