GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,567
Composer 4,697
Erlang 34
GitHub Actions 28
Go 2,289
Maven 5,573
npm 3,936
NuGet 708
pip 3,706
Pub 12
RubyGems 919
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 256,136

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

248 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions),... High Unreviewed

CVE-2025-24008 was published May 13, 2025

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography... High Unreviewed

CVE-2024-0220 was published Feb 22, 2024

SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or... High Unreviewed

CVE-2017-17763 was published May 13, 2022

On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted... High Unreviewed

CVE-2017-7729 was published May 13, 2022

Acronis True Image up to and including version 2017 Build 8053 performs software updates using... High Unreviewed

CVE-2017-3219 was published May 13, 2022

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http... Moderate Unreviewed

CVE-2017-9045 was published May 13, 2022

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6... Moderate Unreviewed

CVE-2017-7485 was published May 13, 2022

The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and... High Unreviewed

CVE-2017-6445 was published May 13, 2022

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption... Moderate Unreviewed

CVE-2017-6297 was published May 13, 2022

BigFix deployments that have installed the Notification Service on Windows are susceptible to... High Unreviewed

CVE-2022-38658 was published Dec 24, 2022

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that... Moderate Unreviewed

CVE-2025-1688 was published Apr 15, 2025

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2... Moderate Unreviewed

CVE-2023-37405 was published Mar 27, 2025

A local user may find a configuration file on the client workstation with unencrypted sensitive... High Unreviewed

CVE-2024-23942 was published Mar 18, 2025

When saving HSTS data to an excessively long file name, curl could end up removing all contents,... Moderate Unreviewed

CVE-2023-46219 was published Dec 12, 2023

CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption... Moderate Unreviewed

CVE-2024-40620 was published Aug 14, 2024

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is... High Unreviewed

CVE-2023-32290 was published May 7, 2023

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote... Moderate Unreviewed

CVE-2024-38325 was published Jan 27, 2025

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed

CVE-2024-41757 was published Jan 24, 2025

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the... Moderate Unreviewed

CVE-2020-27650 was published May 24, 2022

On Arista CloudVision Appliance (CVA) affected releases running on appliances that support... Moderate Unreviewed

CVE-2024-7142 was published Jan 11, 2025

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to... Moderate Unreviewed

CVE-2021-39090 was published Feb 29, 2024

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what... Critical Unreviewed

CVE-2024-4995 was published Dec 18, 2024

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific... Moderate Unreviewed

CVE-2023-21404 was published May 8, 2023

Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An... High Unreviewed

CVE-2023-30602 was published Jul 6, 2023

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what... High Unreviewed

CVE-2023-4537 was published Feb 15, 2024

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

248 advisories