GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,247
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
113 advisories
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/...
Moderate | Unreviewed | CVE-2019-16388 was published May 24, 2022

IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive...
Moderate | Unreviewed | CVE-2023-46186 was published Feb 14, 2024

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML...
Critical | Unreviewed | CVE-2024-24592 was published Feb 6, 2024

Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system...
High | Unreviewed | CVE-2004-2144 was published Apr 29, 2022

MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files...
Moderate | Unreviewed | CVE-2002-1798 was published Apr 30, 2022

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to...
Critical | Unreviewed | CVE-2024-0204 was published Jan 22, 2024

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may...
Moderate | Unreviewed | CVE-2023-50935 was published Feb 2, 2024

In affected Ops Manager versions there is an exposed http route that may allow attackers to...
Moderate | Unreviewed | CVE-2019-2388 was published May 24, 2022

Unsafe handling of user-specified cookies in treq
Moderate | CVE-2022-23607 was published for treq (pip) Feb 1, 2022

Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users...
High | Unreviewed | CVE-2005-1654 was published May 1, 2022

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct...
Moderate | Unreviewed | CVE-2005-1698 was published May 1, 2022

episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct...
High | Unreviewed | CVE-2005-1685 was published May 1, 2022

YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to...
High | Unreviewed | CVE-2005-1668 was published May 1, 2022

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images...
Moderate | Unreviewed | CVE-2004-2257 was published Apr 29, 2022

D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as...
High | Unreviewed | CVE-2005-1827 was published May 1, 2022

FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive...
Moderate | Unreviewed | CVE-2005-1892 was published May 1, 2022

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct...
Moderate | Unreviewed | CVE-2005-1688 was published May 1, 2022

The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive...
Moderate | Unreviewed | CVE-2005-1697 was published May 1, 2022

Missing Authorization in Jenkins
Moderate | CVE-2019-10354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

dot-prop Prototype Pollution vulnerability
High | CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020

Wagtail vulnerable to disclosure of user names via admin bulk action views
Low | CVE-2023-45809 was published for wagtail (pip) Oct 19, 2023

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic....
Moderate | Unreviewed | CVE-2023-5702 was published Oct 23, 2023

A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects...
Moderate | Unreviewed | CVE-2023-2524 was published May 4, 2023

A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic....
Moderate | Unreviewed | CVE-2023-3792 was published Jul 20, 2023

A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as...
Moderate | Unreviewed | CVE-2023-5786 was published Oct 26, 2023

ProTip! Advisories are also available from the GraphQL API.