GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
101 advisories
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote...
High | Unreviewed | CVE-2024-47295 was published Oct 1, 2024
A condition exists in FlashArray Purity whereby a local account intended for initial array...
Critical | Unreviewed | CVE-2024-0001 was published Sep 23, 2024
there is a possible arbitrary read due to an insecure default value. This could lead to local...
Moderate | Unreviewed | CVE-2024-44096 was published Sep 13, 2024
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the...
High | Unreviewed | CVE-2024-6788 was published Aug 13, 2024
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote...
Moderate | Unreviewed | CVE-2024-5801 was published Aug 12, 2024
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR...
Critical | Unreviewed | CVE-2024-31070 was published Jul 17, 2024
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4...
Critical | Unreviewed | CVE-2024-28815 was published Mar 27, 2024
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4...
Moderate | Unreviewed | CVE-2024-26267 was published Feb 20, 2024
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4...
Critical | Unreviewed | CVE-2024-25610 was published Feb 20, 2024
Certain configuration available in the communication channel for encoders could expose sensitive...
Moderate | Unreviewed | CVE-2024-22388 was published Feb 7, 2024
The affected devices use publicly available default credentials with administrative privileges.
Critical | Unreviewed | CVE-2023-39169 was published Dec 7, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical | Unreviewed | CVE-2023-6448 was published Dec 5, 2023
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther...
High | Unreviewed | CVE-2023-27516 was published Oct 12, 2023
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances...
Moderate | Unreviewed | CVE-2023-5368 was published Oct 4, 2023
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10...
Moderate | Unreviewed | CVE-2023-40708 was published Aug 24, 2023
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by...
High | Unreviewed | CVE-2023-3453 was published Aug 24, 2023
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb...
High | Unreviewed | CVE-2023-35689 was published Aug 15, 2023
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200...
High | Unreviewed | CVE-2023-1618 was published May 19, 2023
An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved...
Moderate | Unreviewed | CVE-2023-28978 was published Apr 18, 2023
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
High | Unreviewed | CVE-2022-48432 was published Mar 29, 2023
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could...
High | Unreviewed | CVE-2022-4224 was published Mar 23, 2023
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Critical | Unreviewed | CVE-2022-48342 was published Feb 23, 2023
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation...
Moderate | Unreviewed | CVE-2022-47194 was published Jan 19, 2023
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation...
Moderate | Unreviewed | CVE-2022-47196 was published Jan 19, 2023
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution...
High | Unreviewed | CVE-2022-2196 was published Jan 9, 2023