Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module... High Unreviewed
CVE-2014-8165 was published May 14, 2022
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be... High Unreviewed
CVE-2019-10181 was published May 24, 2022
A flaw was found in RPM's signature check functionality when reading a package file. This flaw... High Unreviewed
CVE-2021-20271 was published May 24, 2022
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network ... High Unreviewed
CVE-2023-22315 was published Jan 31, 2023
An exploitable code execution vulnerability exists in the Web-Based Management (WBM)... High Unreviewed
CVE-2020-6090 was published May 24, 2022
Payment information sent to PayPal not necessarily identical to created order High
CVE-2023-23941 was published for swag/paypal (Composer) Feb 3, 2023
A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the... High Unreviewed
CVE-2017-20180 was published Mar 6, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27979 was published Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27982 was published Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27977 was published Mar 21, 2023
A man in the middle can redirect traffic to a malicious server in a compromised configuration. High Unreviewed
CVE-2023-26467 was published Apr 11, 2023
Auth0 Passport-SharePoint does not validate JWT signature High
CVE-2019-13483 was published for passport-sharepoint (npm) May 24, 2022
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault High
CVE-2020-16250 was published for github.com/hashicorp/vault (Go) Aug 2, 2021
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability High
CVE-2023-43800 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Attacker can cause Kyverno user to unintentionally consume insecure image High
CVE-2023-47630 was published for github.com/kyverno/kyverno (Go) Nov 14, 2023
AdamKorcz
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution... High Unreviewed
CVE-2023-5747 was published Nov 13, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack High
CVE-2023-48238 was published for json-web-token (npm) Nov 17, 2023
PinkDraconian
Validation of SignedInfo High
CVE-2023-49087 was published for simplesamlphp/saml2 (Composer) Nov 28, 2023
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs High
CVE-2022-3346 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
Composer allows cache poisoning from other projects built on the same host High
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database