Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack Moderate
CVE-2022-38179 was published for io.ktor:ktor (Maven) Aug 13, 2022
An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent... Moderate Unreviewed
CVE-2022-22203 was published Jul 21, 2022
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a... Critical Unreviewed
CVE-2021-27786 was published Jun 10, 2022
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Moderate Unreviewed
CVE-2022-31650 was published May 26, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password... Critical Unreviewed
CVE-2021-3833 was published May 24, 2022
An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the... Moderate Unreviewed
CVE-2021-39514 was published May 24, 2022
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. High Unreviewed
CVE-2021-37550 was published May 24, 2022
chatwoot is vulnerable to Inefficient Regular Expression Complexity High Unreviewed
CVE-2021-3649 was published May 24, 2022
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks... Moderate Unreviewed
CVE-2021-0295 was published May 24, 2022
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as... Moderate Unreviewed
CVE-2020-28200 was published May 24, 2022
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c... Moderate Unreviewed
CVE-2021-20219 was published May 24, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because... Critical Unreviewed
CVE-2020-23359 was published May 24, 2022
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for... Critical Unreviewed
CVE-2020-23361 was published May 24, 2022
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where... Critical Unreviewed
CVE-2020-23360 was published May 24, 2022
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC... High Unreviewed
CVE-2020-13559 was published May 24, 2022
An unauthenticated client can trigger denial of service by issuing specially crafted wire... High Unreviewed
CVE-2019-20925 was published May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header Critical
CVE-2020-13485 was published for verbb/knock-knock (Composer) May 24, 2022
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive... Moderate Unreviewed
CVE-2020-1741 was published May 24, 2022
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores... Moderate Unreviewed
CVE-2019-20634 was published May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2020-8864 was published May 24, 2022
Unraid 6.8.0 allows authentication bypass. High Unreviewed
CVE-2020-5849 was published May 24, 2022
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1... High Unreviewed
CVE-2016-10003 was published May 17, 2022
Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote... Moderate Unreviewed
CVE-2011-3903 was published May 13, 2022
xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the... Moderate Unreviewed
CVE-2005-2801 was published May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database