Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,071
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an... Moderate Unreviewed
CVE-2019-12620 was published May 24, 2022
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an... Moderate Unreviewed
CVE-2019-5478 was published May 24, 2022
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file... Moderate Unreviewed
CVE-2019-12804 was published May 24, 2022
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack... Moderate Unreviewed
CVE-2019-1880 was published May 24, 2022
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions... Moderate Unreviewed
CVE-2019-5431 was published May 24, 2022
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier,... Moderate Unreviewed
CVE-2014-4883 was published May 17, 2022
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity... Moderate Unreviewed
CVE-2015-8254 was published May 17, 2022
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for... Moderate Unreviewed
CVE-2015-9232 was published May 17, 2022
Insufficient Data Verification in io.really:jwt-scala Moderate
CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker... Moderate Unreviewed
CVE-2017-2701 was published May 17, 2022
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle... Moderate Unreviewed
CVE-2017-1773 was published May 14, 2022
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote... Moderate Unreviewed
CVE-2015-0251 was published May 14, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity Moderate
CVE-2015-0259 was published for nova (pip) May 14, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat Moderate
CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
tdunlap607 sunSUNQ
A content spoofing vulnerability in the following components allows to render html pages... Moderate Unreviewed
CVE-2018-2434 was published May 13, 2022
Electron vulnerable to URL spoofing via PDFium Moderate
CVE-2017-1000424 was published for Electron (npm) May 13, 2022
jhutchings1
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software... Moderate Unreviewed
CVE-2017-12740 was published May 13, 2022
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other... Moderate Unreviewed
CVE-2017-1405 was published May 13, 2022
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient... Moderate Unreviewed
CVE-2018-10626 was published May 13, 2022
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Moderate Unreviewed
CVE-2018-17938 was published May 13, 2022
IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed
CVE-2016-3016 was published May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client Moderate
CVE-2013-7397 was published for com.ning:async-http-client (Maven) May 13, 2022
MarkLee131
Insufficient Verification of Data Authenticity in Async Http Client Moderate
CVE-2013-7398 was published for com.ning:async-http-client (Maven) May 13, 2022
MarkLee131
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed
CVE-2014-0364 was published May 13, 2022
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed
CVE-2021-26368 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database