Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP... Moderate Unreviewed
CVE-2021-27861 was published Sep 28, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed... Moderate Unreviewed
CVE-2021-27853 was published Sep 28, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP... Moderate Unreviewed
CVE-2021-27862 was published Sep 28, 2022
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations... Moderate Unreviewed
CVE-2021-27854 was published Sep 28, 2022
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to... Moderate Unreviewed
CVE-2022-37709 was published Sep 17, 2022
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it.... High Unreviewed
CVE-2022-32744 was published Aug 26, 2022
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking... Moderate Unreviewed
CVE-2022-33991 was published Aug 16, 2022
Due to a bug in the handling of the communication between the client and server, it was possible... Moderate Unreviewed
CVE-2022-35629 was published Jul 30, 2022
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads... High Unreviewed
CVE-2022-2324 was published Jul 30, 2022
Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to... High Unreviewed
CVE-2022-30319 was published Jul 29, 2022
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x... Critical Unreviewed
CVE-2022-2310 was published Jul 28, 2022
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a... Moderate Unreviewed
CVE-2022-1495 was published Jul 27, 2022
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a... Moderate Unreviewed
CVE-2022-1306 was published Jul 26, 2022
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88... Moderate Unreviewed
CVE-2022-1307 was published Jul 26, 2022
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896... Moderate Unreviewed
CVE-2022-1129 was published Jul 24, 2022
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password Moderate
CVE-2022-2368 was published for microweber/microweber (Composer) Jul 12, 2022
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are... High Unreviewed
CVE-2022-22476 was published Jul 9, 2022
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems... High Unreviewed
CVE-2022-1745 was published Jun 25, 2022
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit... Moderate Unreviewed
CVE-2022-32983 was published Jun 21, 2022
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in... High Unreviewed
CVE-2022-1762 was published Jun 14, 2022
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2.... Moderate Unreviewed
CVE-2021-32076 was published May 24, 2022
Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core... Moderate Unreviewed
CVE-2020-10135 was published May 24, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Microsoft Edge (Chromium-based) Spoofing Vulnerability High Unreviewed
CVE-2021-42308 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API