GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
308 advisories
Filter by severity
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows...
Moderate
Unreviewed
CVE-2024-31341
was published
May 17, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for...
Moderate
Unreviewed
CVE-2024-27244
was published
May 15, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker...
Moderate
Unreviewed
CVE-2023-6323
was published
May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL...
Moderate
Unreviewed
CVE-2023-45586
was published
May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Moderate
Unreviewed
CVE-2024-33494
was published
May 14, 2024
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability...
High
Unreviewed
CVE-2023-27360
was published
May 3, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
Hex authenticity of signed packages not validated
High
CVE-2019-1000013
was published
for
hex_core
(Erlang)
May 13, 2022
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
Critical
Unreviewed
CVE-2023-28863
was published
Apr 18, 2023
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end...
High
Unreviewed
CVE-2024-3051
was published
Apr 27, 2024
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a...
High
Unreviewed
CVE-2021-36367
was published
May 24, 2022
Drupal Incorrect cache context on password reset page
High
CVE-2016-9450
was published
for
drupal/core
(Composer)
May 17, 2022
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to...
Moderate
Unreviewed
CVE-2022-26579
was published
Dec 17, 2022
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
High
CVE-2023-6236
was published
for
org.wildfly.security:wildfly-elytron-http-oidc
(Maven)
Apr 10, 2024
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using...
Moderate
Unreviewed
CVE-2021-22947
was published
May 24, 2022
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
High
CVE-2024-30250
was published
for
@kindspells/astro-shield
(npm)
Apr 1, 2024
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version...
Moderate
Unreviewed
CVE-2023-42782
was published
Oct 10, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on...
High
Unreviewed
CVE-2023-5450
was published
Oct 10, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,...
Moderate
Unreviewed
CVE-2023-3920
was published
Sep 29, 2023
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing
the...
High
Unreviewed
CVE-2023-43636
was published
Sep 20, 2023
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10...
High
Unreviewed
CVE-2023-4589
was published
Sep 6, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper...
High
Unreviewed
CVE-2023-35906
was published
Sep 5, 2023
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of...
High
Unreviewed
CVE-2023-22955
was published
Aug 11, 2023
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5...
High
Unreviewed
CVE-2023-36541
was published
Aug 8, 2023
ProTip!
Advisories are also available from the
GraphQL API