GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
140 advisories
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an...
Moderate | Unreviewed | CVE-2019-12620 was published May 24, 2022

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an...
Moderate | Unreviewed | CVE-2019-5478 was published May 24, 2022

A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack...
Moderate | Unreviewed | CVE-2019-1880 was published May 24, 2022

This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions...
Moderate | Unreviewed | CVE-2019-5431 was published May 24, 2022

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between...
Moderate | Unreviewed | CVE-2023-5366 was published Oct 6, 2023

aiosmtpd vulnerable to SMTP smuggling
Moderate | CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024

Insufficient Verification of Data Authenticity in Async Http Client
Moderate | CVE-2013-7397 was published for com.ning:async-http-client (Maven) May 13, 2022

Insufficient Verification of Data Authenticity in Async Http Client
Moderate | CVE-2013-7398 was published for com.ning:async-http-client (Maven) May 13, 2022

A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
Moderate | Unreviewed | CVE-2023-30562 was published Jul 13, 2023

Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate | CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

File reference keys leads to incorrect hashes on HMAC algorithms
Moderate | CVE-2021-41106 was published for lcobucci/jwt (Composer) Sep 29, 2021

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate | Unreviewed | CVE-2023-32329 was published Feb 3, 2024

Magento 2 Community Edition Insufficient Logging
Moderate | CVE-2019-8124 was published for magento/community-edition (Composer) May 24, 2022

Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a...
Moderate | Unreviewed | CVE-2023-51766 was published Dec 24, 2023

AsyncSSH Rogue Extension Negotiation
Moderate | CVE-2023-46445 was published for asyncssh (pip) Nov 9, 2023

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode...
Moderate | Unreviewed | CVE-2023-51655 was published Dec 21, 2023

AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate | GHSA-hfmc-7525-mj55 was published for asyncssh (pip) Dec 18, 2023

Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate | CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) Dec 12, 2023

Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Moderate | CVE-2023-5548 was published for moodle/moodle (Composer) Nov 9, 2023

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity...
Moderate | Unreviewed | CVE-2023-35719 was published Sep 6, 2023

Kubernetes users may update Pod labels to bypass network policy
Moderate | CVE-2023-39347 was published for github.com/cilium/cilium (Go) Sep 26, 2023

sidekiq Denial of Service vulnerability
Moderate | CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023

Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate | CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023

Insufficient Verification of Data Authenticity in Apache InLong
Moderate | CVE-2023-43666 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023

Electron vulnerable to URL spoofing via PDFium
Moderate | CVE-2017-1000424 was published for Electron (npm) May 13, 2022