Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins Critical
CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default... Critical Unreviewed
CVE-2022-24706 was published Apr 27, 2022
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in... Critical Unreviewed
CVE-2017-5178 was published May 13, 2022
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running... Critical Unreviewed
CVE-2017-3834 was published May 13, 2022
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a... Critical Unreviewed
CVE-2018-19275 was published May 13, 2022
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change... Critical Unreviewed
CVE-2019-3909 was published May 13, 2022
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability... Critical Unreviewed
CVE-2017-8021 was published May 13, 2022
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic... Critical Unreviewed
CVE-2018-0130 was published May 13, 2022
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants... Critical Unreviewed
CVE-2017-12739 was published May 13, 2022
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts,... Critical Unreviewed
CVE-2017-7964 was published May 13, 2022
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n... Critical Unreviewed
CVE-2017-8218 was published May 13, 2022
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware... Critical Unreviewed
CVE-2018-10251 was published May 13, 2022
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default... Critical Unreviewed
CVE-2018-10968 was published May 13, 2022
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote... Critical Unreviewed
CVE-2018-15350 was published May 13, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon... Critical Unreviewed
CVE-2018-3591 was published May 13, 2022
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a... Critical Unreviewed
CVE-2018-5770 was published May 13, 2022
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this... Critical Unreviewed
CVE-2019-11618 was published May 24, 2022
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric... Critical Unreviewed
CVE-2019-1804 was published May 24, 2022
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were... Critical Unreviewed
CVE-2019-5497 was published May 24, 2022
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC... Critical Unreviewed
CVE-2019-4169 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive... Critical Unreviewed
CVE-2021-34795 was published May 24, 2022
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an... Critical Unreviewed
CVE-2021-21505 was published May 24, 2022
The Orca HCM digital learning platform uses a weak factory default administrator password, which... Critical Unreviewed
CVE-2021-35965 was published May 24, 2022
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection... Critical Unreviewed
CVE-2022-31806 was published Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database