Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353... High Unreviewed
CVE-2022-2793 was published Aug 20, 2022
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed... High Unreviewed
CVE-2020-26893 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-17426 was published May 24, 2022
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File... High Unreviewed
CVE-2021-31783 was published May 24, 2022
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files... High Unreviewed
CVE-2021-29239 was published May 24, 2022
The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an... High Unreviewed
CVE-2020-24395 was published May 24, 2022
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows... High Unreviewed
CVE-2021-33887 was published May 24, 2022
A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The... High Unreviewed
CVE-2021-33712 was published May 24, 2022
A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series... High Unreviewed
CVE-2021-1586 was published May 24, 2022
A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows... High Unreviewed
CVE-2020-19769 was published May 24, 2022
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows... High Unreviewed
CVE-2020-19768 was published May 24, 2022
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or... High Unreviewed
CVE-2021-26610 was published May 24, 2022
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently... High Unreviewed
CVE-2021-26315 was published May 24, 2022
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during... High Unreviewed
CVE-2022-38625 was published Aug 30, 2022
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed
CVE-2018-7798 was published May 13, 2022
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed
CVE-2019-1000012 was published May 13, 2022
Insufficient Verification of Data Authenticity in Eclipse Theia High
CVE-2019-17636 was published for @theia/mini-browser (npm) Apr 13, 2021
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV... High Unreviewed
CVE-2019-0805 was published May 13, 2022
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface... High Unreviewed
CVE-2021-26103 was published Dec 9, 2021
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the... High Unreviewed
CVE-2019-7323 was published May 13, 2022
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin... High Unreviewed
CVE-2016-4554 was published May 13, 2022
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host... High Unreviewed
CVE-2016-4553 was published May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State... High Unreviewed
CVE-2017-3224 was published May 13, 2022
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in... High Unreviewed
CVE-2017-10624 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database