GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,590
Composer 4,706
Erlang 34
GitHub Actions 28
Go 2,292
Maven 5,573
npm 3,942
NuGet 708
pip 3,711
Pub 12
RubyGems 919
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 256,535

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

135 advisories

Filter by severity

Sort by

Least recently updated

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. Moderate Unreviewed

CVE-2020-15345 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Moderate Unreviewed

CVE-2020-15342 was published Sep 30, 2022

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca... Moderate Unreviewed

CVE-2022-3251 was published Sep 22, 2022

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management... Moderate Unreviewed

CVE-2022-39014 was published Sep 14, 2022

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only... Moderate Unreviewed

CVE-2022-26390 was published Sep 10, 2022

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may... Moderate Unreviewed

CVE-2022-38194 was published Aug 17, 2022

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed

CVE-2022-20219 was published Jul 14, 2022

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed

CVE-2021-40650 was published Jun 15, 2022

User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed

CVE-2021-27783 was published May 26, 2022

Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open... Moderate Unreviewed

CVE-2021-3774 was published May 24, 2022

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.... Moderate Unreviewed

CVE-2021-35236 was published May 24, 2022

On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed

CVE-2021-28496 was published May 24, 2022

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client... Moderate Unreviewed

CVE-2021-3882 was published May 24, 2022

MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed

CVE-2020-12730 was published May 24, 2022

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all... Moderate Unreviewed

CVE-2021-22782 was published May 24, 2022

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information... Moderate Unreviewed

CVE-2021-20567 was published May 24, 2022

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed

CVE-2021-23211 was published May 24, 2022

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information,... Moderate Unreviewed

CVE-2019-4471 was published May 24, 2022

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance... Moderate Unreviewed

CVE-2020-29024 was published May 24, 2022

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or... Moderate Unreviewed

CVE-2020-4597 was published May 24, 2022

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. Moderate Unreviewed

CVE-2020-35658 was published May 24, 2022

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the... Moderate Unreviewed

CVE-2020-26816 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all... Moderate Unreviewed

CVE-2020-7567 was published May 24, 2022

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption... Moderate Unreviewed

CVE-2020-8150 was published May 24, 2022

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the... Moderate Unreviewed

CVE-2020-27650 was published May 24, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

135 advisories