GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
142 advisories
Filter by severity
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to...
High
Unreviewed
CVE-2024-3049
was published
Jun 6, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
High
CVE-2023-6236
was published
for
org.wildfly.security:wildfly-elytron-http-oidc
(Maven)
Apr 10, 2024
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability...
High
Unreviewed
CVE-2023-27360
was published
May 3, 2024
Hex authenticity of signed packages not validated
High
CVE-2019-1000013
was published
for
hex_core
(Erlang)
May 13, 2022
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end...
High
Unreviewed
CVE-2024-3051
was published
Apr 27, 2024
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a...
High
Unreviewed
CVE-2021-36367
was published
May 24, 2022
Drupal Incorrect cache context on password reset page
High
CVE-2016-9450
was published
for
drupal/core
(Composer)
May 17, 2022
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
High
CVE-2024-30250
was published
for
@kindspells/astro-shield
(npm)
Apr 1, 2024
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on...
High
Unreviewed
CVE-2023-5450
was published
Oct 10, 2023
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing
the...
High
Unreviewed
CVE-2023-43636
was published
Sep 20, 2023
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10...
High
Unreviewed
CVE-2023-4589
was published
Sep 6, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper...
High
Unreviewed
CVE-2023-35906
was published
Sep 5, 2023
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of...
High
Unreviewed
CVE-2023-22955
was published
Aug 11, 2023
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5...
High
Unreviewed
CVE-2023-36541
was published
Aug 8, 2023
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity...
High
Unreviewed
CVE-2023-3663
was published
Aug 3, 2023
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be...
High
Unreviewed
CVE-2022-48431
was published
Jul 6, 2023
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow...
High
Unreviewed
CVE-2022-46370
was published
Jul 6, 2023
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to...
High
Unreviewed
CVE-2023-30759
was published
Jun 19, 2023
Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may...
High
Unreviewed
CVE-2023-34113
was published
Jun 13, 2023
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto...
High
Unreviewed
CVE-2023-2866
was published
Jun 7, 2023
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE)...
High
Unreviewed
CVE-2023-31502
was published
May 12, 2023
A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series...
High
Unreviewed
CVE-2020-3220
was published
May 24, 2022
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated...
High
Unreviewed
CVE-2019-3979
was published
May 24, 2022
Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by...
High
Unreviewed
CVE-2019-6475
was published
May 24, 2022
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow...
High
Unreviewed
CVE-2019-1932
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API