Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/... Moderate Unreviewed
CVE-2019-16388 was published May 24, 2022
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive... Moderate Unreviewed
CVE-2023-46186 was published Feb 14, 2024
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML... Critical Unreviewed
CVE-2024-24592 was published Feb 6, 2024
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system... High Unreviewed
CVE-2004-2144 was published Apr 29, 2022
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files... Moderate Unreviewed
CVE-2002-1798 was published Apr 30, 2022
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to... Critical Unreviewed
CVE-2024-0204 was published Jan 22, 2024
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may... Moderate Unreviewed
CVE-2023-50935 was published Feb 2, 2024
In affected Ops Manager versions there is an exposed http route was that may allow attackers to... Moderate Unreviewed
CVE-2019-2388 was published May 24, 2022
Unsafe handling of user-specified cookies in treq Moderate
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users... High Unreviewed
CVE-2005-1654 was published May 1, 2022
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct... Moderate Unreviewed
CVE-2005-1698 was published May 1, 2022
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct... High Unreviewed
CVE-2005-1685 was published May 1, 2022
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to... High Unreviewed
CVE-2005-1668 was published May 1, 2022
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images... Moderate Unreviewed
CVE-2004-2257 was published Apr 29, 2022
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as... High Unreviewed
CVE-2005-1827 was published May 1, 2022
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive... Moderate Unreviewed
CVE-2005-1892 was published May 1, 2022
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct... Moderate Unreviewed
CVE-2005-1688 was published May 1, 2022
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive... Moderate Unreviewed
CVE-2005-1697 was published May 1, 2022
Missing Authorization in Jenkins Moderate
CVE-2019-10354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Wagtail vulnerable to disclosure of user names via admin bulk action views Low
CVE-2023-45809 was published for wagtail (pip) Oct 19, 2023
quyenheu
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic.... Moderate Unreviewed
CVE-2023-5702 was published Oct 23, 2023
A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects... Moderate Unreviewed
CVE-2023-2524 was published May 4, 2023
A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic.... Moderate Unreviewed
CVE-2023-3792 was published Jul 20, 2023
A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as... Moderate Unreviewed
CVE-2023-5786 was published Oct 26, 2023
ProTip! Advisories are also available from the GraphQL API