GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
126 advisories
Filter by severity
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always...
Moderate
Unreviewed
CVE-2024-25584
was published
Sep 6, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in...
Moderate
Unreviewed
CVE-2022-4539
was published
Aug 31, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0...
Moderate
Unreviewed
CVE-2023-28865
was published
Aug 8, 2024
In regclient, pinned manifest digests may be ignored
Moderate
GHSA-qv35-3gw6-8q4j
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
Matrix Tafnit v8
-
CWE-646: Reliance on File Name or Extension of Externally-Supplied File
Moderate
Unreviewed
CVE-2024-38432
was published
Jul 30, 2024
An attacker with access to the private network (the charger is connected to) or local access to...
Moderate
Unreviewed
CVE-2024-5684
was published
Jun 6, 2024
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows...
Moderate
Unreviewed
CVE-2024-31341
was published
May 17, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for...
Moderate
Unreviewed
CVE-2024-27244
was published
May 15, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker...
Moderate
Unreviewed
CVE-2023-6323
was published
May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL...
Moderate
Unreviewed
CVE-2023-45586
was published
May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Moderate
Unreviewed
CVE-2024-33494
was published
May 14, 2024
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a...
Moderate
Unreviewed
CVE-2023-35764
was published
Apr 3, 2024
aiosmtpd vulnerable to SMTP smuggling
Moderate
CVE-2024-27305
was published
for
aiosmtpd
(pip)
Mar 13, 2024
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the...
Moderate
Unreviewed
CVE-2023-6533
was published
Feb 21, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate
Unreviewed
CVE-2023-32329
was published
Feb 3, 2024
Classic builder cache poisoning
Moderate
CVE-2024-24557
was published
for
github.com/docker/docker
(Go)
Feb 1, 2024
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a...
Moderate
Unreviewed
CVE-2023-51766
was published
Dec 24, 2023
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote...
Moderate
Unreviewed
CVE-2023-51765
was published
Dec 24, 2023
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions...
Moderate
Unreviewed
CVE-2023-51764
was published
Dec 24, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode...
Moderate
Unreviewed
CVE-2023-51655
was published
Dec 21, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate
GHSA-hfmc-7525-mj55
was published
for
asyncssh
(pip)
Dec 18, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
ProTip!
Advisories are also available from the
GraphQL API