Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,495
Maven
5,000+
npm
4,138
NuGet
735
pip
3,945
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

418 advisories

Loading
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count... High Unreviewed
CVE-2024-37370 was published Jun 29, 2024
Vela Server Has Insufficient Webhook Payload Data Verification High
CVE-2025-27616 was published for github.com/go-vela/server (Go) Mar 10, 2025
A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified... Moderate Unreviewed
CVE-2025-2346 was published Mar 16, 2025
Insufficient verification of data authenticity in the configuration state machine may allow a... Low Unreviewed
CVE-2023-20570 was published Feb 13, 2024
WildFly Elytron OpenID Connect Client ExtensionOIDC authorization code injection attack Moderate
CVE-2024-12369 was published for org.wildfly.security:wildfly-elytron (Maven) Mar 25, 2025
Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful... High Unreviewed
CVE-2023-52546 was published Apr 8, 2024
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS)... Moderate Unreviewed
CVE-2025-27735 was published Apr 8, 2025
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret... Moderate Unreviewed
CVE-2021-26403 was published Jan 11, 2023
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1945 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
Zip Exploit Crashes Picklescan But Not PyTorch Moderate
CVE-2025-1944 was published for picklescan (pip) Mar 10, 2025
madgetr axsonatype
OpenID4Java does not verify that Attribute Exchange (AX) information is signed Moderate
CVE-2011-4314 was published for org.openid4java:openid4java (Maven) May 17, 2022
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module... High Unreviewed
CVE-2014-8165 was published May 14, 2022
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated... High Unreviewed
CVE-2014-5406 was published May 17, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity... Moderate Unreviewed
CVE-2015-8254 was published May 17, 2022
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates... High Unreviewed
CVE-2016-2346 was published May 17, 2022
When loading a script with Subresource Integrity, attackers with an injection capability could... Moderate Unreviewed
CVE-2022-36315 was published Dec 22, 2022
When downloading an update for an addon, the downloaded addon update's version was not verified... Moderate Unreviewed
CVE-2022-34471 was published Dec 22, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442... Critical Unreviewed
CVE-2025-27680 was published Mar 5, 2025
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have... Moderate Unreviewed
CVE-2022-22757 was published Dec 22, 2022
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2... High Unreviewed
CVE-2022-38873 was published Dec 20, 2022
An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a... Moderate Unreviewed
CVE-2022-46422 was published Dec 20, 2022
TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of... Moderate Unreviewed
CVE-2022-46139 was published Dec 20, 2022
Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack Moderate
GHSA-4v5x-9m47-cqr2 was published for org.wildfly:wildfly-elytron-oidc-client-subsystem (Maven) Dec 9, 2024 withdrawn
darranl
Acronis True Image up to and including version 2017 Build 8053 performs software updates using... High Unreviewed
CVE-2017-3219 was published May 13, 2022
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior... High Unreviewed
CVE-2017-3218 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database