GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+

310 advisories
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Moderate | CVE-2023-5548 was published for moodle/moodle (Composer) | Nov 9, 2023

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution...
High | Unreviewed | CVE-2023-5747 was published | Nov 13, 2023

vantage6-server node accepts non-whitelisted algorithms from malicious server
High | CVE-2023-47631 was published for vantage6-server (pip) | Nov 14, 2023

Attacker can cause Kyverno user to unintentionally consume insecure image
High | CVE-2023-47630 was published for github.com/kyverno/kyverno (Go) | Nov 14, 2023

Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
High | CVE-2023-43800 was published for github.com/arduino/arduino-create-agent (Go) | Oct 18, 2023

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity...
Moderate | Unreviewed | CVE-2023-35719 was published | Sep 6, 2023

Removal of e-Tugra root certificate
High | CVE-2023-37920 was published for certifi (pip) | Jul 25, 2023

Kubernetes users may update Pod labels to bypass network policy
Moderate | CVE-2023-39347 was published for github.com/cilium/cilium (Go) | Sep 26, 2023

sidekiq Denial of Service vulnerability
Moderate | CVE-2023-26141 was published for sidekiq (RubyGems) | Sep 14, 2023

Pipelines do not validate child UIDs
Low | CVE-2023-37264 was published for github.com/tektoncd/pipeline (Go) | Jul 7, 2023

Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate | CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) | May 16, 2023

Keycloak vulnerable to user impersonation via stolen UUID code
High | CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) | Mar 2, 2023

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation...
Critical | Unreviewed | CVE-2023-4699 was published | Nov 6, 2023

Graylog vulnerable to insecure source port usage for DNS queries
Low | CVE-2023-41045 was published for org.graylog2:graylog2-server (Maven) | Jul 6, 2023

Insufficient Verification of Data Authenticity in Apache InLong
Moderate | CVE-2023-43666 was published for org.apache.inlong:inlong (Maven) | Oct 16, 2023

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This...
Low | Unreviewed | CVE-2023-4177 was published | Aug 6, 2023

Electron vulnerable to URL spoofing via PDFium
Moderate | CVE-2017-1000424 was published for Electron (npm) | May 13, 2022

Prototype Pollution in defaults-deep
Critical | CVE-2018-16486 was published for defaults-deep (npm) | Feb 7, 2019

Insufficient Verification of Data Authenticity in python-keystoneclient
Critical | CVE-2013-2167 was published for python-keystoneclient (pip) | Mar 10, 2020

Insufficient Verification of Data Authenticity in Pillow
Moderate | CVE-2021-28678 was published for Pillow (pip) | Jun 8, 2021

Ansible does not verify that the server hostname matches a domain name in certificates
Moderate | CVE-2015-3908 was published for ansible (pip) | Oct 10, 2018

Token reuse in Ory fosite
High | CVE-2020-15222 was published for github.com/ory/fosite (Go) | May 24, 2021

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High | CVE-2020-16250 was published for github.com/hashicorp/vault (Go) | Aug 2, 2021

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to...
Critical | Unreviewed | CVE-2022-0715 was published | Mar 10, 2022

Auth0 Passport-SharePoint does not validate JWT signature
High | CVE-2019-13483 was published for passport-sharepoint (npm) | May 24, 2022

ProTip! Advisories are also available from the GraphQL API.