GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
332 advisories
Filter by severity
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
Critical
Unreviewed
CVE-2023-28863
was published
Apr 18, 2023
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded...
Critical
Unreviewed
CVE-2023-27748
was published
Apr 13, 2023
A man in the middle can redirect traffic to a malicious server in a compromised configuration.
High
Unreviewed
CVE-2023-26467
was published
Apr 11, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server...
High
Unreviewed
CVE-2023-27979
was published
Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server...
High
Unreviewed
CVE-2023-27977
was published
Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server...
High
Unreviewed
CVE-2023-27982
was published
Mar 21, 2023
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could...
Moderate
Unreviewed
CVE-2023-0350
was published
Mar 13, 2023
A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the...
High
Unreviewed
CVE-2017-20180
was published
Mar 6, 2023
Keycloak vulnerable to user impersonation via stolen UUID code
High
CVE-2023-0264
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 2, 2023
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30...
Moderate
Unreviewed
CVE-2023-21441
was published
Feb 9, 2023
Payment information sent to PayPal not necessarily identical to created order
High
CVE-2023-23941
was published
for
swag/paypal
(Composer)
Feb 3, 2023
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Moderate
CVE-2023-23940
was published
for
openzeppelin-cairo-contracts
(pip)
Feb 2, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network ...
High
Unreviewed
CVE-2023-22315
was published
Jan 31, 2023
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a...
Moderate
Unreviewed
CVE-2021-26396
was published
Jan 11, 2023
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
High
CVE-2022-3346
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware...
High
Unreviewed
CVE-2022-30260
was published
Dec 26, 2022
CodeIgniter4 allows spoofing of IP address when using proxy
High
CVE-2022-23556
was published
for
codeigniter4/framework
(Composer)
Dec 22, 2022
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to...
Moderate
Unreviewed
CVE-2022-26579
was published
Dec 17, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE...
Moderate
Unreviewed
CVE-2022-37928
was published
Dec 12, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager...
Moderate
Unreviewed
CVE-2022-39909
was published
Dec 8, 2022
Certifi removing TrustCor root certificate
Moderate
CVE-2022-23491
was published
for
certifi
(pip)
Dec 7, 2022
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to...
High
Unreviewed
CVE-2022-31877
was published
Nov 28, 2022
Remote code execution vulnerability due to insufficient verification of URLs, etc. in...
High
Unreviewed
CVE-2022-41156
was published
Nov 25, 2022
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Moderate
CVE-2022-39199
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API