Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

332 advisories

Loading
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The... High Unreviewed
CVE-2022-32252 was published Jun 15, 2022
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules... High Unreviewed
CVE-2024-30162 was published Jun 7, 2024
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions... High Unreviewed
CVE-2024-33687 was published Jun 24, 2024
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue... Low Unreviewed
CVE-2022-44593 was published Jun 21, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log High
CVE-2023-6236 was published for org.wildfly.security:wildfly-elytron-http-oidc (Maven) Apr 10, 2024
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote... Moderate Unreviewed
CVE-2023-51765 was published Dec 24, 2023
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions... Moderate Unreviewed
CVE-2023-51764 was published Dec 24, 2023
An attacker with access to the private network (the charger is connected to) or local access to... Moderate Unreviewed
CVE-2024-5684 was published Jun 6, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
Insufficient Verification of Proofs generated by the immudb server in client SDK. Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows... Moderate Unreviewed
CVE-2024-31341 was published May 17, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker... Moderate Unreviewed
CVE-2023-6323 was published May 15, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL... Moderate Unreviewed
CVE-2023-45586 was published May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33494 was published May 14, 2024
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-27360 was published May 3, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
KamilaBorowska levpachmanov
Hex authenticity of signed packages not validated High
CVE-2019-1000013 was published for hex_core (Erlang) May 13, 2022
maennchen
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Critical Unreviewed
CVE-2023-28863 was published Apr 18, 2023
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end... High Unreviewed
CVE-2024-3051 was published Apr 27, 2024
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a... High Unreviewed
CVE-2021-36367 was published May 24, 2022
Drupal Incorrect cache context on password reset page High
CVE-2016-9450 was published for drupal/core (Composer) May 17, 2022
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to... Moderate Unreviewed
CVE-2022-26579 was published Dec 17, 2022
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using... Moderate Unreviewed
CVE-2021-22947 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API