Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

141 advisories

NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-27360 was published May 3, 2024
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end... High Unreviewed
CVE-2024-3051 was published Apr 27, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log High
CVE-2023-6236 was published for org.wildfly.security:wildfly-elytron-http-oidc (Maven) Apr 10, 2024
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists High
CVE-2024-30250 was published for @kindspells/astro-shield (npm) Apr 1, 2024
castarco
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful... High Unreviewed
CVE-2023-52109 was published Jan 16, 2024
Validation of SignedInfo High
CVE-2023-49087 was published for simplesamlphp/saml2 (Composer) Nov 28, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack High
CVE-2023-48238 was published for json-web-token (npm) Nov 17, 2023
PinkDraconian
vantage6-server node accepts non-whitelisted algorithms from malicious server High
CVE-2023-47631 was published for vantage6-server (pip) Nov 14, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image High
CVE-2023-47630 was published for github.com/kyverno/kyverno (Go) Nov 14, 2023
AdamKorcz
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution... High Unreviewed
CVE-2023-5747 was published Nov 13, 2023
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote... High Unreviewed
CVE-2023-5482 was published Nov 1, 2023
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability High
CVE-2023-43800 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
When the Node.js policy feature checks the integrity of a resource against a trusted manifest,... High Unreviewed
CVE-2023-38552 was published Oct 18, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on... High Unreviewed
CVE-2023-5450 was published Oct 10, 2023
Composer allows cache poisoning from other projects built on the same host High
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the... High Unreviewed
CVE-2023-43636 was published Sep 20, 2023
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,... High Unreviewed
CVE-2023-20236 was published Sep 13, 2023
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10... High Unreviewed
CVE-2023-4589 was published Sep 6, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper... High Unreviewed
CVE-2023-35906 was published Sep 5, 2023
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of... High Unreviewed
CVE-2023-22955 was published Aug 11, 2023
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5... High Unreviewed
CVE-2023-36541 was published Aug 8, 2023
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity... High Unreviewed
CVE-2023-3663 was published Aug 3, 2023
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be... High Unreviewed
CVE-2022-48431 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API