Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
AsyncSSH Rogue Extension Negotiation Moderate
CVE-2023-46445 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a... Moderate Unreviewed
CVE-2023-51766 was published Dec 24, 2023
Magento 2 Community Edition Insufficient Logging Moderate
CVE-2019-8124 was published for magento/community-edition (Composer) May 24, 2022
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... Moderate Unreviewed
CVE-2023-32329 was published Feb 3, 2024
File reference keys leads to incorrect hashes on HMAC algorithms Moderate
CVE-2021-41106 was published for lcobucci/jwt (Composer) Sep 29, 2021
arokettu
Insufficient Verification of Data Authenticity in Apache Tomcat Moderate
CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607 sunSUNQ
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. Moderate Unreviewed
CVE-2023-30562 was published Jul 13, 2023
Insufficient Verification of Data Authenticity in Async Http Client Moderate
CVE-2013-7398 was published for com.ning:async-http-client (Maven) May 13, 2022
MarkLee131
Insufficient Verification of Data Authenticity in Async Http Client Moderate
CVE-2013-7397 was published for com.ning:async-http-client (Maven) May 13, 2022
MarkLee131
aiosmtpd vulnerable to SMTP smuggling Moderate
CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024
The-Login
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between... Moderate Unreviewed
CVE-2023-5366 was published Oct 6, 2023
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions... Moderate Unreviewed
CVE-2019-5431 was published May 24, 2022
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack... Moderate Unreviewed
CVE-2019-1880 was published May 24, 2022
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an... Moderate Unreviewed
CVE-2019-5478 was published May 24, 2022
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an... Moderate Unreviewed
CVE-2019-12620 was published May 24, 2022
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any... Moderate Unreviewed
CVE-2019-11737 was published May 24, 2022
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why... Moderate Unreviewed
CVE-2019-15162 was published May 24, 2022
com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and... Moderate Unreviewed
CVE-2019-20057 was published May 24, 2022
In modem, there is a possible missing verification of HashMME value in Security Mode Command.... Moderate Unreviewed
CVE-2022-44420 was published May 9, 2023
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up... Moderate Unreviewed
CVE-2023-2897 was published Jun 9, 2023
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing... Moderate Unreviewed
CVE-2022-4537 was published Jul 6, 2023
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote... Moderate Unreviewed
CVE-2023-2314 was published Jul 29, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and... Moderate Unreviewed
CVE-2023-36858 was published Aug 2, 2023
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Moderate Unreviewed
CVE-2023-3749 was published Aug 3, 2023
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version... Moderate Unreviewed
CVE-2023-42782 was published Oct 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database