Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

418 advisories

Loading
aiosmtpd vulnerable to SMTP smuggling Moderate
CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024
The-Login
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation Moderate
CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Mail spoofing Moderate Unreviewed
CVE-2024-55929 was published Jan 23, 2025
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed
CVE-2022-26871 was published Mar 30, 2022
In regclient, pinned manifest digests may be ignored Moderate
CVE-2025-24882 was published for github.com/regclient/regclient (Go) Aug 5, 2024
There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD... High Unreviewed
CVE-2024-10237 was published Feb 4, 2025
CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts High
GHSA-r3r4-g7hq-pq4f was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
unknownfeature
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access... Low Unreviewed
CVE-2025-23415 was published Feb 5, 2025
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid... Moderate Unreviewed
CVE-2025-0510 was published Feb 4, 2025
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This... High Unreviewed
CVE-2025-1108 was published Feb 7, 2025
Hickory DNS's DNSSEC validation may accept broken authentication chains Moderate
CVE-2025-25188 was published for hickory-proto (Rust) Feb 10, 2025
divergentdave
Hickory DNS failure to verify self-signed RRSIG for DNSKEYs Moderate
GHSA-v7pc-74h8-xq2h was published for hickory-proto (Rust) Feb 10, 2025
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
Certifi removing TrustCor root certificate Moderate
CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4... High Unreviewed
CVE-2024-39805 was published Feb 13, 2025
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska pcreager23
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or... Low Unreviewed
CVE-2024-10977 was published Nov 14, 2024
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed
CVE-2023-4699 was published Nov 6, 2023
Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-w6mr-mj53-x258 was published for picklescan (pip) Mar 10, 2025 withdrawn
Duplicate Advisory: Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
GHSA-2fh4-gpch-vqv4 was published for picklescan (pip) Mar 10, 2025 withdrawn
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source... High Unreviewed
CVE-2024-27773 was published Mar 18, 2024
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an... Moderate Unreviewed
CVE-2025-0149 was published Mar 11, 2025
Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices... Moderate Unreviewed
CVE-2025-27257 was published Mar 10, 2025
Jenkins does not Verify Checksums for Plugin Files High
CVE-2015-7539 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database