GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
332 advisories
Filter by severity
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the...
Moderate
Unreviewed
CVE-2023-6533
was published
Feb 21, 2024
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the...
High
Unreviewed
CVE-2022-30272
was published
Jul 27, 2022
File reference keys leads to incorrect hashes on HMAC algorithms
Moderate
CVE-2021-41106
was published
for
lcobucci/jwt
(Composer)
Sep 29, 2021
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,...
High
Unreviewed
CVE-2023-20236
was published
Sep 13, 2023
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate
Unreviewed
CVE-2023-32329
was published
Feb 3, 2024
Magento 2 Community Edition Insufficient Logging
Moderate
CVE-2019-8124
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Security Bypass
High
CVE-2019-8112
was published
for
magento/community-edition
(Composer)
May 24, 2022
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is...
Critical
Unreviewed
CVE-2022-3703
was published
Jul 6, 2023
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote...
High
Unreviewed
CVE-2023-5482
was published
Nov 1, 2023
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful...
High
Unreviewed
CVE-2023-52109
was published
Jan 16, 2024
hammer_cli_foreman Improper Certificate Validation vulnerability
High
CVE-2017-2667
was published
for
hammer_cli_foreman
(RubyGems)
May 13, 2022
Composer allows cache poisoning from other projects built on the same host
High
CVE-2015-8371
was published
for
composer/composer
(Composer)
Sep 21, 2023
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
High
CVE-2022-3346
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a...
Moderate
Unreviewed
CVE-2023-51766
was published
Dec 24, 2023
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16...
Low
Unreviewed
CVE-2023-2030
was published
Jan 12, 2024
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode...
Moderate
Unreviewed
CVE-2023-51655
was published
Dec 21, 2023
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate
GHSA-hfmc-7525-mj55
was published
for
asyncssh
(pip)
Dec 18, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
Validation of SignedInfo
High
CVE-2023-49087
was published
for
simplesamlphp/saml2
(Composer)
Nov 28, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
ProTip!
Advisories are also available from the
GraphQL API