GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,579
Composer 4,699
Erlang 34
GitHub Actions 28
Go 2,292
Maven 5,573
npm 3,941
NuGet 708
pip 3,708
Pub 12
RubyGems 919
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 256,362

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

170 advisories

Filter by severity

Sort by

Least recently updated

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance... Moderate Unreviewed

CVE-2020-29024 was published May 24, 2022

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption... Moderate Unreviewed

CVE-2020-8150 was published May 24, 2022

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. Moderate Unreviewed

CVE-2020-35658 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all... Moderate Unreviewed

CVE-2020-7567 was published May 24, 2022

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the... Moderate Unreviewed

CVE-2020-26816 was published May 24, 2022

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the... Moderate Unreviewed

CVE-2020-1688 was published May 24, 2022

An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the... Moderate Unreviewed

CVE-2020-15767 was published May 24, 2022

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH... Moderate Unreviewed

CVE-2020-12398 was published May 24, 2022

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS... Moderate Unreviewed

CVE-2021-37209 was published Mar 9, 2022

SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case... Moderate Unreviewed

CVE-2020-15574 was published May 24, 2022

In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery... Moderate Unreviewed

CVE-2020-15302 was published May 24, 2022

An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A... Moderate Unreviewed

CVE-2020-12772 was published May 24, 2022

On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane... Moderate Unreviewed

CVE-2020-5879 was published May 24, 2022

Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a... Moderate Unreviewed

CVE-2020-11826 was published May 24, 2022

In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. Moderate Unreviewed

CVE-2020-11685 was published May 24, 2022

A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated... Moderate Unreviewed

CVE-2019-18376 was published May 24, 2022

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database... Moderate Unreviewed

CVE-2019-16062 was published May 24, 2022

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using... Moderate Unreviewed

CVE-2019-12121 was published May 24, 2022

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It... Moderate Unreviewed

CVE-2019-16063 was published May 24, 2022

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure... Moderate Unreviewed

CVE-2020-9470 was published May 24, 2022

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. Moderate Unreviewed

CVE-2019-16274 was published May 24, 2022

wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces.... Moderate Unreviewed

CVE-2019-14317 was published May 24, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. Moderate Unreviewed

CVE-2020-15330 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. Moderate Unreviewed

CVE-2020-15346 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Moderate Unreviewed

CVE-2020-15342 was published Sep 30, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

170 advisories