Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
Prototype Pollution in defaults-deep Critical
CVE-2018-16486 was published for defaults-deep (npm) Feb 7, 2019
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is... Critical Unreviewed
CVE-2022-3703 was published Jul 6, 2023
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is... Critical Unreviewed
CVE-2019-11235 was published May 24, 2022
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded... Critical Unreviewed
CVE-2023-27748 was published Apr 13, 2023
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of... Critical Unreviewed
CVE-2023-2987 was published May 31, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an... Critical Unreviewed
CVE-2023-3325 was published Jun 20, 2023
Controller may be loaded with malicious firmware which could enable remote code execution Critical Unreviewed
CVE-2023-25178 was published Jul 13, 2023
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address... Critical Unreviewed
CVE-2023-36134 was published Aug 4, 2023
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address... Critical Unreviewed
CVE-2023-36139 was published Aug 4, 2023
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Critical Unreviewed
CVE-2023-28863 was published Apr 18, 2023
The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not... Critical Unreviewed
CVE-2024-1554 was published Feb 20, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
Insufficient Verification of Data Authenticity in python-keystoneclient Critical
CVE-2013-2167 was published for python-keystoneclient (pip) Mar 10, 2020
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed
CVE-2023-4699 was published Nov 6, 2023
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they... Critical Unreviewed
CVE-2024-11666 was published Nov 25, 2024
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware... Critical Unreviewed
CVE-2023-28386 was published May 22, 2023
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed
CVE-2022-26871 was published Mar 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database