GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
140 advisories
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker...
Moderate | Unreviewed | CVE-2017-2701 was published May 17, 2022

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for...
Moderate | Unreviewed | CVE-2015-9232 was published May 17, 2022

ReDoS in Sec-Websocket-Protocol header
Moderate | CVE-2021-32640 was published for ws (npm) May 28, 2021

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate...
Moderate | Unreviewed | CVE-2020-10137 was published Jan 11, 2022

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a...
Moderate | Unreviewed | CVE-2021-26396 was published Jan 11, 2023

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient...
Moderate | Unreviewed | CVE-2022-22567 was published Feb 10, 2022

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to...
Moderate | Unreviewed | CVE-2021-24825 was published Mar 8, 2022

It was found that a specially crafted LUKS header could trick cryptsetup into disabling...
Moderate | Unreviewed | CVE-2021-4122 was published Aug 25, 2022

OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
Moderate | CVE-2015-0259 was published for nova (pip) May 14, 2022

Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Moderate | CVE-2022-39199 was published for github.com/codenotary/immudb (Go) Nov 21, 2022

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30...
Moderate | Unreviewed | CVE-2023-21441 was published Feb 9, 2023

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file...
Moderate | Unreviewed | CVE-2019-12804 was published May 24, 2022

Akuvox E11 does not ensure that a file extension is associated with the file provided. This could...
Moderate | Unreviewed | CVE-2023-0350 was published Mar 13, 2023

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file...
Moderate | Unreviewed | CVE-2019-15613 was published May 24, 2022

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A...
Moderate | Unreviewed | CVE-2020-7982 was published May 24, 2022

Electron vulnerable to URL spoofing via PDFium
Moderate | CVE-2017-1000424 was published for Electron (npm) May 13, 2022

Insufficient Verification of Data Authenticity in Apache InLong
Moderate | CVE-2023-43666 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023

Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate | CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023

sidekiq Denial of Service vulnerability
Moderate | CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023

Kubernetes users may update Pod labels to bypass network policy
Moderate | CVE-2023-39347 was published for github.com/cilium/cilium (Go) Sep 26, 2023

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity...
Moderate | Unreviewed | CVE-2023-35719 was published Sep 6, 2023

Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Moderate | CVE-2023-5548 was published for moodle/moodle (Composer) Nov 9, 2023

Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate | CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) Dec 12, 2023

AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate | GHSA-hfmc-7525-mj55 was published for asyncssh (pip) Dec 18, 2023

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode...
Moderate | Unreviewed | CVE-2023-51655 was published Dec 21, 2023