GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
310 advisories
Filter by severity
File reference keys leads to incorrect hashes on HMAC algorithms
Moderate
CVE-2021-41106
was published
for
lcobucci/jwt
(Composer)
Sep 29, 2021
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,...
High
Unreviewed
CVE-2023-20236
was published
Sep 13, 2023
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate
Unreviewed
CVE-2023-32329
was published
Feb 3, 2024
Magento 2 Community Edition Insufficient Logging
Moderate
CVE-2019-8124
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Security Bypass
High
CVE-2019-8112
was published
for
magento/community-edition
(Composer)
May 24, 2022
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is...
Critical
Unreviewed
CVE-2022-3703
was published
Jul 6, 2023
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote...
High
Unreviewed
CVE-2023-5482
was published
Nov 1, 2023
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions...
Moderate
Unreviewed
CVE-2023-51764
was published
Dec 24, 2023
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful...
High
Unreviewed
CVE-2023-52109
was published
Jan 16, 2024
hammer_cli_foreman Improper Certificate Validation vulnerability
High
CVE-2017-2667
was published
for
hammer_cli_foreman
(RubyGems)
May 13, 2022
Composer allows cache poisoning from other projects built on the same host
High
CVE-2015-8371
was published
for
composer/composer
(Composer)
Sep 21, 2023
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
High
CVE-2022-3346
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a...
Moderate
Unreviewed
CVE-2023-51766
was published
Dec 24, 2023
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote...
Moderate
Unreviewed
CVE-2023-51765
was published
Dec 24, 2023
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16...
Low
Unreviewed
CVE-2023-2030
was published
Jan 12, 2024
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode...
Moderate
Unreviewed
CVE-2023-51655
was published
Dec 21, 2023
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate
GHSA-hfmc-7525-mj55
was published
for
asyncssh
(pip)
Dec 18, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
Validation of SignedInfo
High
CVE-2023-49087
was published
for
simplesamlphp/saml2
(Composer)
Nov 28, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
ProTip!
Advisories are also available from the
GraphQL API