Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

418 advisories

Loading
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using... Moderate Unreviewed
CVE-2021-22947 was published May 24, 2022
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to... Moderate Unreviewed
CVE-2022-26579 was published Dec 17, 2022
Drupal Incorrect cache context on password reset page High
CVE-2016-9450 was published for drupal/core (Composer) May 17, 2022
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a... High Unreviewed
CVE-2021-36367 was published May 24, 2022
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Critical Unreviewed
CVE-2023-28863 was published Apr 18, 2023
Hex authenticity of signed packages not validated High
CVE-2019-1000013 was published for hex_core (Erlang) May 13, 2022
maennchen
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33494 was published May 14, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL... Moderate Unreviewed
CVE-2023-45586 was published May 14, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker... Moderate Unreviewed
CVE-2023-6323 was published May 15, 2024
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows... Moderate Unreviewed
CVE-2024-31341 was published May 17, 2024
Insufficient Verification of Proofs generated by the immudb server in client SDK. Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
An attacker with access to the private network (the charger is connected to) or local access to... Moderate Unreviewed
CVE-2024-5684 was published Jun 6, 2024
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions... Moderate Unreviewed
CVE-2023-51764 was published Dec 24, 2023
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote... Moderate Unreviewed
CVE-2023-51765 was published Dec 24, 2023
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log High
CVE-2023-6236 was published for org.wildfly.security:wildfly-elytron-http-oidc (Maven) Apr 10, 2024
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue... Low Unreviewed
CVE-2022-44593 was published Jun 21, 2024
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions... High Unreviewed
CVE-2024-33687 was published Jun 24, 2024
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules... High Unreviewed
CVE-2024-30162 was published Jun 7, 2024
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The... High Unreviewed
CVE-2022-32252 was published Jun 15, 2022
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to... High Unreviewed
CVE-2024-3049 was published Jun 6, 2024
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote... High Unreviewed
CVE-2024-3173 was published Jul 17, 2024
Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a... High Unreviewed
CVE-2024-7256 was published Aug 1, 2024
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a... Moderate Unreviewed
CVE-2023-35764 was published Apr 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database