Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

233 advisories

Loading
nw-with-arm downloads Resources over HTTP High
CVE-2016-10629 was published for nw-with-arm (npm) Feb 18, 2019
Downloads Resources over HTTP in jvminstall High
CVE-2016-10631 was published for jvminstall (npm) Feb 18, 2019
dwebp-bin downloads Resources over HTTP High
CVE-2016-10633 was published for dwebp-bin (npm) Feb 18, 2019
Downloads Resources over HTTP in broccoli-closure High
CVE-2016-10635 was published for broccoli-closure (npm) Feb 18, 2019
closure-util downloads Resources over HTTP High
CVE-2016-10583 was published for closure-util (npm) Feb 18, 2019
Downloads Resources over HTTP in chromedriver High
CVE-2016-10579 was published for chromedriver (npm) Feb 18, 2019
Missing Encryption of Sensitive Data in yarn High
CVE-2019-5448 was published for yarn (npm) Jul 31, 2019
Downloads Resources over HTTP in apk-parser High
CVE-2016-10564 was published for apk-parser (npm) Sep 1, 2020
Downloads Resources over HTTP in apk-parser3 High
CVE-2016-10574 was published for apk-parser3 (npm) Sep 1, 2020
frames-compiler downloads Resources over HTTP High
CVE-2016-10649 was published for frames-compiler (npm) Sep 1, 2020
Downloads Resources over HTTP in node-air-sdk High
CVE-2016-10647 was published for node-air-sdk (npm) Sep 1, 2020
windows-selenium-chromedriver downloads Resources over HTTP High
CVE-2016-10687 was published for windows-selenium-chromedriver (npm) Sep 1, 2020
gfe-sass downloads Resources over HTTP High
CVE-2017-16040 was published for gfe-sass (npm) Sep 1, 2020
Downloads Resources over HTTP in roslib-socketio High
CVE-2016-10681 was published for roslib-socketio (npm) Sep 1, 2020
Downloads Resources over HTTP in windows-latestchromedriver High
CVE-2016-10696 was published for windows-latestchromedriver (npm) Sep 1, 2020
Downloads Resources over HTTP in npm-test-sqlite3-trunk High
CVE-2016-10695 was published for npm-test-sqlite3-trunk (npm) Sep 1, 2020
Downloads Resources over HTTP in pm2-kafka High
CVE-2016-10693 was published for pm2-kafka (npm) Sep 1, 2020
Missing encryption in Apache Directory Studio High
CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number... High Unreviewed
CVE-2021-44480 was published Dec 2, 2021
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37050 was published Dec 9, 2021
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the... High Unreviewed
CVE-2021-37189 was published Dec 11, 2021
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This... High Unreviewed
CVE-2021-40148 was published Jan 5, 2022
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including... High Unreviewed
CVE-2020-9058 was published Jan 11, 2022
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption,... High Unreviewed
CVE-2020-9057 was published Jan 11, 2022
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its... High Unreviewed
CVE-2021-33020 was published Apr 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database