GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
310 advisories
Filter by severity
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10...
High
Unreviewed
CVE-2023-4589
was published
Sep 6, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper...
High
Unreviewed
CVE-2023-35906
was published
Sep 5, 2023
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of...
High
Unreviewed
CVE-2023-22955
was published
Aug 11, 2023
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5...
High
Unreviewed
CVE-2023-36541
was published
Aug 8, 2023
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address...
Critical
Unreviewed
CVE-2023-36139
was published
Aug 4, 2023
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address...
Critical
Unreviewed
CVE-2023-36134
was published
Aug 4, 2023
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.
Moderate
Unreviewed
CVE-2023-3749
was published
Aug 3, 2023
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity...
High
Unreviewed
CVE-2023-3663
was published
Aug 3, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and...
Moderate
Unreviewed
CVE-2023-36858
was published
Aug 2, 2023
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote...
Moderate
Unreviewed
CVE-2023-2314
was published
Jul 29, 2023
Controller may be loaded with malicious firmware which could enable remote code execution
Critical
Unreviewed
CVE-2023-25178
was published
Jul 13, 2023
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing...
Moderate
Unreviewed
CVE-2022-4537
was published
Jul 6, 2023
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be...
High
Unreviewed
CVE-2022-48431
was published
Jul 6, 2023
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow...
High
Unreviewed
CVE-2022-46370
was published
Jul 6, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an...
Critical
Unreviewed
CVE-2023-3325
was published
Jun 20, 2023
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to...
High
Unreviewed
CVE-2023-30759
was published
Jun 19, 2023
Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may...
High
Unreviewed
CVE-2023-34113
was published
Jun 13, 2023
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up...
Moderate
Unreviewed
CVE-2023-2897
was published
Jun 9, 2023
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto...
High
Unreviewed
CVE-2023-2866
was published
Jun 7, 2023
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of...
Critical
Unreviewed
CVE-2023-2987
was published
May 31, 2023
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware...
Critical
Unreviewed
CVE-2023-28386
was published
May 22, 2023
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE)...
High
Unreviewed
CVE-2023-31502
was published
May 12, 2023
In modem, there is a possible missing verification of HashMME value in Security Mode Command....
Moderate
Unreviewed
CVE-2022-44420
was published
May 9, 2023
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded...
Critical
Unreviewed
CVE-2023-27748
was published
Apr 13, 2023
A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series...
High
Unreviewed
CVE-2020-3220
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API